Please check my log

Place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Andik
newbie
Posts: 26
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Andik » 27 Nov 2008 17:21

Ah, that never occurred to me :) It still somehow doesn't want to, but RSIT has worked now

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-27 17:13:54
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 24 GB (48%) free of 50 GB
Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:56 odp., on 27.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe-skola\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Documents and Settings\All Users\Data aplikací\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Administrator\Plocha\abcd.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] _RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe-skola\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ\ICQ 6 czech\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ\ICQ 6 czech\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe-skola\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 1: Frekvence 1 - http://www.frekvence1.cz/cs/webova_radi ... 2_ad.shtml

--
End of file - 8776 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
C:\WINDOWS\tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_LERCH_Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj Class - C:\Program Files\NetSoftware\IEHelper.dll [2008-11-02 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=_RTHDCPL.EXE []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-11-01 949376]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2007-10-09 90112]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2007-10-01 413696]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Adobe Version Cue CS2"=C:\Program Files\Adobe-skola\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-05-25 856064]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NetSoftware"=C:\Program Files\NetSoftware\Starter.exe [2008-11-02 94208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Data aplikací\iWin Games\DesktopAlerts\DesktopAlerts.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCpl"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 months======

2008-11-27 17:13:54 ----D---- C:\rsit
2008-11-27 17:00:12 ----D---- C:\ComboFix
2008-11-27 14:48:24 ----D---- C:\zprava_806
2008-11-27 14:23:50 ----A---- C:\SDFix.exe
2008-11-26 17:33:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-25 20:57:13 ----D---- C:\GameHouse Games
2008-11-25 20:56:31 ----D---- C:\Program Files\RealArcade
2008-11-22 17:25:09 ----D---- C:\Program Files\EscapetheMuseum_at
2008-11-22 16:15:20 ----D---- C:\Program Files\SpookyManor_at
2008-11-22 10:19:22 ----D---- C:\Program Files\SpiritofWanderingTheLegend_at
2008-11-21 22:37:09 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Friday's games
2008-11-21 17:10:03 ----D---- C:\Program Files\MagicEncyclopedia_at
2008-11-21 16:49:49 ----D---- C:\Program Files\MysteryoftheCrystalPortal_at
2008-11-21 16:46:36 ----D---- C:\Program Files\SamanthaSwift_at
2008-11-20 19:10:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SecretIslandEng
2008-11-20 19:10:08 ----D---- C:\Program Files\TreasuresofMysteryIsland_at
2008-11-17 18:54:46 ----D---- C:\Program Files\Alice Greenfingers 2
2008-11-16 22:27:32 ----D---- C:\Program Files\PopCap Games
2008-11-16 21:11:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Zylom
2008-11-15 21:14:45 ----D---- C:\Program Files\PlayFirst
2008-11-14 17:06:45 ----D---- C:\Program Files\AliceGreenfingers2_at
2008-11-12 08:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 08:40:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-06 11:51:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Pogo Games
2008-11-06 11:51:07 ----D---- C:\Program Files\OperationMania_at
2008-11-04 20:18:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2008-11-03 17:18:08 ----D---- C:\Program Files\Cake Mania
2008-11-02 21:30:39 ----D---- C:\Program Files\NetSoftware
2008-11-01 13:32:31 ----D---- C:\Program Files\Retro64 Games
2008-10-29 17:50:44 ----D---- C:\Program Files\Realore
2008-10-28 17:59:26 ----D---- C:\Program Files\Venice
2008-10-28 14:23:28 ----D---- C:\Program Files\Cooking Dash

======List of files/folders modified in the last 1 months======

2008-11-27 17:13:39 ----D---- C:\WINDOWS\Temp
2008-11-27 17:12:15 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 17:11:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 16:01:13 ----D---- C:\WINDOWS\Prefetch
2008-11-27 15:19:19 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 14:48:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-27 14:11:39 ----D---- C:\WINDOWS\system32
2008-11-27 14:01:34 ----D---- C:\Program Files\EA GAMES
2008-11-27 13:51:44 ----A---- C:\WINDOWS\Explorer.EXE.Z-missing.txt
2008-11-27 13:24:01 ----SHD---- C:\WINDOWS\CSC
2008-11-27 13:20:51 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 23:14:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GameHouse
2008-11-26 22:51:45 ----A---- C:\WINDOWS\system32\Dvbpws.dll
2008-11-26 17:33:38 ----RD---- C:\Program Files
2008-11-26 17:14:01 ----D---- C:\WINDOWS
2008-11-25 20:06:02 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-11-24 20:33:59 ----D---- C:\Program Files\GameHouse
2008-11-24 09:53:48 ----D---- C:\Program Files\Miranda IM
2008-11-23 23:20:31 ----D---- C:\WINDOWS\Help
2008-11-22 19:36:07 ----D---- C:\Program Files\iWin.com
2008-11-22 17:30:09 ----D---- C:\Program Files\Alawar
2008-11-21 22:11:25 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-21 16:47:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\MumboJumbo
2008-11-17 16:27:38 ----SHD---- C:\WINDOWS\Installer
2008-11-17 16:26:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 16:26:05 ----D---- C:\Program Files\Common Files\soft602
2008-11-16 17:52:47 ----D---- C:\Program Files\Shockwave.com
2008-11-15 21:15:18 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PlayFirst
2008-11-15 17:00:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2008-11-15 13:37:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Valusoft
2008-11-15 13:37:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Valusoft
2008-11-14 16:59:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\PlayFirst
2008-11-13 20:31:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Gamelab
2008-11-12 16:43:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-12 08:40:53 ----HD---- C:\WINDOWS\inf
2008-11-12 08:40:53 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 08:40:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 08:40:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 08:40:30 ----D---- C:\WINDOWS\WinSxS
2008-11-11 09:13:50 ----A---- C:\WINDOWS\WDICT32.INI
2008-11-03 17:18:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sandlot Games
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 12:02:19 ----D---- C:\Program Files\Google
2008-10-31 19:13:22 ----D---- C:\Downloads
2008-10-31 14:16:54 ----D---- C:\Program Files\iWin Games
2008-10-30 09:51:19 ----D---- C:\Program Files\Anti-Virus&Spyware
2008-10-28 15:50:50 ----D---- C:\Program Files\Cake Mania 3
2008-10-28 15:47:18 ----D---- C:\Program Files\RanchRush_at

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-11-01 15424]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver; C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-10-23 9856]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-11-01 512096]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 wfcxatun;WinFast TV Analog Tuner Driver; C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-10-23 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-10-23 167424]
R3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sbpci;Sound Blaster AudioPCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\sbpci.sys [2001-10-26 492672]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-10-23 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-10-23 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-10-23 10496]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S1 ensqio;ensqio; C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;SB AudioPCI 128; C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
S3 ag64d0xs;ag64d0xs; C:\WINDOWS\system32\drivers\ag64d0xs.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 iWinGamesInstaller;iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-09-09 78104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-11-01 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-05 72704]
S3 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe-skola\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-05-25 163840]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]

-----------------EOF-----------------

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 27 Nov 2008 19:13

Download Avenger
and, following the guide at http://www.viry.cz/forum/viewtopic.php?t=19832 ,
give it this command from the code box:

Code:

Files to delete:
C:\WINDOWS\Explorer.EXE.Z-missing.txt
C:\WINDOWS\imsins.BAK

After the restart, post the log that Avenger pops up at you.

Then:
Download GMER
After downloading, unpack and run the application; a quick scan will run and the program's main window will open:
if you click the Save button at the bottom right, you can export the first log, which you paste here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Andik
newbie
Posts: 26
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Andik » 27 Nov 2008 20:15

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSiyvv.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\WINDOWS\Explorer.EXE.Z-missing.txt" deleted successfully.
File "C:\WINDOWS\imsins.BAK" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
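The Avenger step above (jaro3's "Files to delete:" script and the log Andik posted back) can be checked mechanically rather than by eye. The following is an added example, not code from the thread or from The Avenger's author: it builds a script in the grammar shown in jaro3's post, refusing anything that is not a single absolute file path, since Avenger deletes at the next boot with SYSTEM rights and a relative path or wildcard would widen the blast radius, and it parses the resulting log for the "Hidden driver" finding and the "deleted successfully" confirmations. SAMPLE_LOG is an abridged, constructed copy of the posted log. Only phrases that actually appear in that log are matched, so a requested file that is not confirmed is reported as unconfirmed rather than matched against an error message the thread does not show.

```python
"""Build an Avenger 'Files to delete:' script and check the run log.

Added example; not code from the thread or from The Avenger. Script grammar
and log phrases are those visible in the posted script and log; SAMPLE_LOG
is constructed (abridged) from the posted log.
"""
import re
from typing import Dict, List, Tuple

ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\[^*?<>|"]+$')   # one drive-rooted path, no wildcards
HIDDEN_RE = re.compile(r'^Hidden driver "(?P<name>[^"]+)" found!$')
IMAGE_RE = re.compile(r"^ImagePath:\s+(?P<path>\S+)$")
DELETED_RE = re.compile(r'^File "(?P<path>[^"]+)" deleted successfully\.$')


def build_avenger_script(paths: List[str]) -> str:
    """Emit a 'Files to delete:' script.

    Avenger acts at the next boot with SYSTEM rights, so refuse anything that
    is not a single absolute file path (relative names, wildcards, bare roots).
    """
    clean = []
    for p in paths:
        p = p.strip()
        if not ABS_PATH_RE.match(p) or p.endswith("\\"):
            raise ValueError("refusing unsafe Avenger target: %r" % p)
        clean.append(p)
    if not clean:
        raise ValueError("empty script")
    return "Files to delete:\n" + "\n".join(clean) + "\n"


def parse_avenger_log(text: str) -> Dict[str, list]:
    """Collect rootkit-scan findings and confirmed deletions.

    In the posted log a 'Hidden driver' line is followed by its ImagePath line,
    so the two are paired here.
    """
    hidden: List[Tuple[str, str]] = []
    deleted: List[str] = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HIDDEN_RE.match(line)
        if m:
            pending = m.group("name")
            continue
        m = IMAGE_RE.match(line)
        if m and pending:
            hidden.append((pending, m.group("path")))
            pending = None
            continue
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m.group("path"))
    return {"hidden_drivers": hidden, "deleted": deleted}


def verify_run(script: str, log: str) -> Dict[str, list]:
    """Compare what the script asked for with what the log confirms.

    Anything requested but not reported deleted needs a second look (locked,
    renamed, or re-created by a still-active rootkit).
    """
    requested = [line for line in script.splitlines()[1:] if line.strip()]
    result = parse_avenger_log(log)
    done = {p.lower() for p in result["deleted"]}
    return {
        "confirmed": [p for p in requested if p.lower() in done],
        "unconfirmed": [p for p in requested if p.lower() not in done],
        "hidden_drivers": result["hidden_drivers"],
    }


# The two targets from jaro3's script above.
SCRIPT = build_avenger_script([
    r"C:\WINDOWS\Explorer.EXE.Z-missing.txt",
    r"C:\WINDOWS\imsins.BAK",
])

# Constructed from the Avenger log posted above (abridged).
SAMPLE_LOG = r"""
Logfile of The Avenger Version 2.0, (c) by Swandog46
Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSiyvv.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\WINDOWS\Explorer.EXE.Z-missing.txt" deleted successfully.
File "C:\WINDOWS\imsins.BAK" deleted successfully.

Completed script processing.
"""

if __name__ == "__main__":
    print(SCRIPT)
    for key, value in verify_run(SCRIPT, SAMPLE_LOG).items():
        print(key, value)
```

Run stand-alone it reports both requested files as confirmed and surfaces the TDSSserv.sys / TDSSiyvv.sys pair from the rootkit scan, the same hidden driver that the GMER report in the next post flags as ROOTKIT.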

Andik
newbie
Posts: 26
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Andik » 27 Nov 2008 20:15

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-27 20:09:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF73F20D0]
SSDT sptd.sys ZwEnumerateKey [0xF73F7FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF73F8340]
SSDT sptd.sys ZwOpenKey [0xF73F20B0]
SSDT sptd.sys ZwQueryKey [0xF73F8418]
SSDT sptd.sys ZwQueryValueKey [0xF73F8298]
SSDT sptd.sys ZwSetValueKey [0xF73F84AA]

Code E1C46320 ZwFlushInstructionCache
Code B8FBBEAB pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAC4A 5 Bytes JMP E1C46324
? anfepu.sys Systém nemůže nalézt uvedený soubor. !
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload F5D0062C 5 Bytes JMP 865951C8
? System32\Drivers\abm4dhay.SYS Systém nemůže nalézt uvedenou cestu. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[1892] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00AE000A
.text C:\WINDOWS\Explorer.EXE[1892] WS2_32.dll!send 71A9428A 5 Bytes JMP 00B0000A
.text C:\WINDOWS\Explorer.EXE[1892] WS2_32.dll!closesocket 71A99639 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\Notepad.exe[2016] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00AA000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00BA000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] WS2_32.dll!send 71A9428A 5 Bytes JMP 00BC000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] WS2_32.dll!closesocket 71A99639 5 Bytes JMP 00BB000A

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73F2AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73F2C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73F2B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73F3748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73F361E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F740829A] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 867641E8
Device \Driver\PCI_NTPNP2704 \Device\00000041 sptd.sys
Device \Driver\usbohci \Device\USBPDO-0 865941E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867661E8
Device \Driver\dmio \Device\DmControl\DmConfig 867661E8
Device \Driver\dmio \Device\DmControl\DmPnP 867661E8
Device \Driver\dmio \Device\DmControl\DmInfo 867661E8
Device \Driver\usbehci \Device\USBPDO-1 865881E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{111CE4F7-F7D4-4197-9CB1-2C0CCC572E68} 855651E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 867D41E8
Device \Driver\Cdrom \Device\CdRom0 8657B1E8
Device \Driver\nvata \Device\00000065 867651E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867D41E8
Device \Driver\Cdrom \Device\CdRom1 8657B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867D31E8
Device \Driver\atapi \Device\Ide\IdePort0 867D31E8
Device \Driver\atapi \Device\Ide\IdePort1 867D31E8
Device \Driver\Cdrom \Device\CdRom2 8657B1E8
Device \Driver\Cdrom \Device\CdRom3 8657B1E8
Device \Driver\Cdrom \Device\CdRom4 8657B1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 855651E8
Device \Driver\NetBT \Device\NetbiosSmb 855651E8
Device \Driver\usbohci \Device\USBFDO-0 865941E8
Device \Driver\usbehci \Device\USBFDO-1 865881E8
Device \Driver\nvata \Device\NvAta0 867651E8
Device \Driver\nvata \Device\NvAta1 867651E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8554A1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8554A1E8
Device \Driver\Ftdisk \Device\FtControl 867D41E8
Device \Driver\abm4dhay \Device\Scsi\abm4dhay1Port4Path0Target3Lun0 86509790
Device \Driver\abm4dhay \Device\Scsi\abm4dhay1Port4Path0Target1Lun0 86509790
Device \Driver\abm4dhay \Device\Scsi\abm4dhay1 86509790
Device \Driver\abm4dhay \Device\Scsi\abm4dhay1Port4Path0Target0Lun0 86509790
Device \Driver\abm4dhay \Device\Scsi\abm4dhay1Port4Path0Target2Lun0 86509790
Device \FileSystem\Cdfs \Cdfs 862E71E8

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\TDSSiyvv.sys (*** hidden *** ) B8FBA000-B8FCC000 (73728 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:460 B8FBCD66

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\TDSSiyvv.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0x30 0xBD 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0x0A 0x86 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0x25 0x82 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6F 0xD2 0x08 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD1 0xDA 0x4E 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC7 0x89 0x59 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSiyvv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSiyvv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSiykn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSejvt.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSurte.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSwign.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSecen.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqxum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSachc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSmhju.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkckq.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0x30 0xBD 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0x0A 0x86 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0x25 0x82 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6F 0xD2 0x08 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD1 0xDA 0x4E 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC7 0x89 0x59 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSiyvv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSiyvv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSiykn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSejvt.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSurte.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSwign.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSecen.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqxum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSachc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSmhju.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkckq.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 61
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v3001
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1

---- EOF - GMER 1.0.14 ----

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 27 Nov 2008 20:47

Now try SDFix; if it won't run, then ComboFix. Otherwise we'll have to delete things by hand tomorrow....
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Andik
newbie
Posts: 26
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Andik » 27 Nov 2008 21:25

I managed to get SDFix running (thanks to the renaming):

SDFix: Version 1.240
Run by Administrator on čt 27.11.2008 at 09:07 odp.

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TDSSurte.dll - Deleted
C:\WINDOWS\system32\TDSSwign.dll - Deleted
C:\WINDOWS\system32\TDSSecen.dll - Deleted
C:\WINDOWS\system32\TDSSqxum.dll - Deleted
C:\WINDOWS\system32\TDSSejvt.dat - Deleted
C:\WINDOWS\system32\TDSSkckq.log - Deleted


Could Not Remove C:\WINDOWS\system32\TDSSiykn.dll



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 21:17:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Administrator\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\WINDOWS\system32\TDSSiykn.dll Found

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 17 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings_old\All Users\DRM\DRMv1.bak"
Fri 4 Jul 2008 187,497 ...H. --- "C:\Program Files\Yahoo! Games\Magic Farm\Uninstall.exe"

Finished!

Andik
newbie
Posts: 26
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Andik » 27 Nov 2008 21:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:31 odp., on 27.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe-skola\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Documents and Settings\All Users\Data aplikací\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] _RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe-skola\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ\ICQ 6 czech\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ\ICQ 6 czech\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe-skola\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 1: Frekvence 1 - http://www.frekvence1.cz/cs/webova_radi ... 2_ad.shtml

--
End of file - 8635 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 28 Nov 2008 09:59

Turn off the resident protection in NOD32.
Now try ComboFix.

Andik
newbie
Posts: 26
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Andik » 28 Nov 2008 11:41

ComboFix 08-11-27.07 - Administrator 2008-11-28 11:28:39.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.734 [GMT 1:00]
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\TDSSiyvv.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\TDSSachc.dll
c:\windows\system32\TDSSecen.dll
c:\windows\system32\TDSSejvt.dat
c:\windows\system32\TDSSiykn.dll
c:\windows\system32\TDSSkckq.log
c:\windows\system32\TDSSmhju.log
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSqxum.dll
c:\windows\system32\TDSSurte.dll
c:\windows\system32\TDSSwign.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_IWINGAMESINSTALLER
-------\Service_iWinGamesInstaller


((((((((((((((((((((((((( Soubory vytvořené od 2008-10-28 do 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 20:58 . 2008-11-27 20:58 <DIR> d-------- C:\SDFix
2008-11-27 17:13 . 2008-11-27 17:13 <DIR> d-------- C:\rsit
2008-11-27 17:00 . 2008-11-28 11:22 <DIR> d-------- C:\ComboFix
2008-11-27 14:48 . 2008-11-27 14:48 <DIR> d-------- C:\zprava_806
2008-11-27 14:46 . 2008-11-27 14:46 3,054,988 --a------ C:\zprava_806.zip
2008-11-27 14:38 . 2008-11-27 14:38 1,259,897 --a------ C:\ComboFix.rar
2008-11-27 14:23 . 2008-11-27 14:23 1,529,241 --a------ C:\SDFix.exe
2008-11-26 17:33 . 2008-11-27 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 20:57 . 2008-11-25 20:57 <DIR> d-------- C:\GameHouse Games
2008-11-25 20:56 . 2008-11-26 23:21 <DIR> d-------- c:\program files\RealArcade
2008-11-22 17:25 . 2008-11-22 17:34 <DIR> d-------- c:\program files\EscapetheMuseum_at
2008-11-22 16:15 . 2008-11-22 17:35 <DIR> d-------- c:\program files\SpookyManor_at
2008-11-22 10:19 . 2008-11-22 10:20 <DIR> d-------- c:\program files\SpiritofWanderingTheLegend_at
2008-11-21 22:37 . 2008-11-21 22:37 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Friday's games
2008-11-21 17:10 . 2008-11-22 17:35 <DIR> d-------- c:\program files\MagicEncyclopedia_at
2008-11-21 16:49 . 2008-11-21 16:50 <DIR> d-------- c:\program files\MysteryoftheCrystalPortal_at
2008-11-21 16:46 . 2008-11-27 13:21 <DIR> d-------- c:\program files\SamanthaSwift_at
2008-11-20 19:10 . 2008-11-20 19:10 <DIR> d-------- c:\program files\TreasuresofMysteryIsland_at
2008-11-20 19:10 . 2008-11-20 19:11 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\SecretIslandEng
2008-11-17 18:54 . 2008-11-22 17:30 <DIR> d-------- c:\program files\Alice Greenfingers 2
2008-11-16 22:27 . 2008-11-22 17:35 <DIR> d-------- c:\program files\PopCap Games
2008-11-16 21:11 . 2008-11-16 21:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Zylom
2008-11-15 21:14 . 2008-11-15 21:14 <DIR> d-------- c:\program files\PlayFirst
2008-11-14 17:06 . 2008-11-17 16:26 <DIR> d-------- c:\program files\AliceGreenfingers2_at
2008-11-06 11:51 . 2008-11-06 12:17 <DIR> d-------- c:\program files\OperationMania_at
2008-11-06 11:51 . 2008-11-06 11:51 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Pogo Games
2008-11-04 20:18 . 2008-11-24 20:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PrevxCSI
2008-11-03 17:18 . 2008-11-17 16:28 <DIR> d-------- c:\program files\Cake Mania
2008-11-02 21:30 . 2008-11-28 11:32 <DIR> d-------- c:\program files\NetSoftware
2008-11-01 13:32 . 2008-11-15 20:44 <DIR> d-------- c:\program files\Retro64 Games
2008-10-29 17:50 . 2008-10-29 17:50 <DIR> d-------- c:\program files\Realore
2008-10-28 17:59 . 2008-10-29 21:52 <DIR> d-------- c:\program files\Venice
2008-10-28 14:23 . 2008-10-28 15:50 <DIR> d-------- c:\program files\Cooking Dash

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 13:01 --------- d-----w c:\program files\EA GAMES
2008-11-26 22:14 --------- d-----w c:\documents and settings\Administrator\Data aplikací\GameHouse
2008-11-25 19:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-24 19:33 --------- d-----w c:\program files\GameHouse
2008-11-24 08:53 --------- d-----w c:\program files\Miranda IM
2008-11-22 18:36 --------- d-----w c:\program files\iWin.com
2008-11-22 16:30 --------- d-----w c:\program files\Alawar
2008-11-21 15:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-11-17 15:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 15:26 --------- d-----w c:\program files\Common Files\soft602
2008-11-16 16:52 --------- d-----w c:\program files\Shockwave.com
2008-11-15 20:15 --------- d-----w c:\documents and settings\Administrator\Data aplikací\PlayFirst
2008-11-15 16:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2008-11-15 12:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\Valusoft
2008-11-15 12:37 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Valusoft
2008-11-14 15:59 --------- d-----w c:\documents and settings\All Users\Data aplikací\PlayFirst
2008-11-13 19:31 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Gamelab
2008-11-03 16:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sandlot Games
2008-11-02 11:02 --------- d-----w c:\program files\Google
2008-10-31 13:16 --------- d-----w c:\program files\iWin Games
2008-10-30 08:51 --------- d-----w c:\program files\Anti-Virus&Spyware
2008-10-28 14:50 --------- d-----w c:\program files\Cake Mania 3
2008-10-28 14:47 --------- d-----w c:\program files\RanchRush_at
2008-10-27 18:43 --------- d-----w c:\program files\Garmin GPS Plugin
2008-10-25 10:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fugazo
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 09:18 --------- d-----w c:\program files\Software602
2008-10-24 09:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\WinZip
2008-10-22 14:52 --------- d-----w c:\documents and settings\Administrator\Data aplikací\PetShowCraze
2008-10-18 17:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\iWin
2008-10-18 17:04 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWin
2008-10-18 11:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\MysteryStudio
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\GARMIN
2008-10-18 07:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Download Manager
2008-10-11 18:45 --------- d-----w c:\program files\LambsofDreams_at
2008-10-05 09:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\GameHouse
2008-10-04 15:15 --------- d-----w c:\program files\FarmFrenzy2_at
2008-10-03 11:17 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWin_DressUpRush
2008-10-03 09:38 --------- d-----w c:\documents and settings\Administrator\Data aplikací\BeachPartyCraze
2008-10-02 17:21 --------- d-----w c:\program files\SallysSalon_at
2008-10-02 12:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\Legacy Interactive
2008-10-02 09:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ludia
2008-10-02 09:19 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Ludia
2008-10-01 14:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Astar Games
2008-10-01 09:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fitn17
2008-10-01 09:54 --------- d-----w c:\documents and settings\All Users\Data aplikací\iWin Games
2008-10-01 09:54 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWinArcade
2008-10-01 08:43 --------- d-----w c:\program files\TeddyTavern_at
2008-10-01 08:43 --------- d-----w c:\program files\FitnessFrenzy_at
2008-10-01 08:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SpinTop
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 14:59 7,780 ----a-w c:\documents and settings\Administrator\FMCodec.dat
2008-09-28 14:57 --------- d-----w c:\documents and settings\Administrator\Data aplikací\EleFun Games
2008-09-15 15:40 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-20 21:37 241 ----a-w c:\documents and settings\Administrator\SR.vbs
2008-07-04 15:01 0 ----a-w c:\program files\temp01
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
2008-11-02 21:30 106496 --a------ c:\program files\NetSoftware\IEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-01 949376]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Adobe Version Cue CS2"="c:\program files\Adobe-skola\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-05-25 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe-skola\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2008-11-02 94208]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Data aplikací\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-10-01 108032]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-04-05 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2006-10-23 9856]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2006-03-24 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2006-03-24 167424]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-04 69120]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2006-03-24 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2006-10-23 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2006-03-24 10496]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2007-11-01 9446]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys []
.
Obsah adresáře 'Naplánované úlohy'

2008-11-27 c:\windows\Tasks\Antispyware Scheduled Scan.job
- c:\program files\Antispyware\Antispyware.exe []

2008-11-27 c:\windows\Tasks\Antispyware Scheduled Scan.job
- c:\program files\Antispyware []

2008-11-27 c:\windows\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_LERCH_Administrator.job
- c:\windows\system32\mobsync.exe [2004-08-17 17:49]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-RTHDCPL - _RTHDCPL.EXE


.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\qc1d6ayl.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 11:32:33
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\program files\Adobe-skola\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\documents and settings\All Users\Data aplikací\iWin Games\DesktopAlerts\DesktopAlerts.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2008-11-28 11:34:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-28 10:34:31

Před spuštěním: Volných bajtů: 25,810,624,512
Po spuštění: Volných bajtů: 26,901,663,744

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

235 --- E O F --- 2008-11-26 21:08:20

Andik
newbie
Posts: 26
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Andik » 28 Nov 2008 11:53

I had switched the resident protection off beforehand, but during the CF scan the computer restarted twice and it switched itself back on automatically, so here is one more log without the resident protection.

ComboFix 08-11-27.07 - Administrator 2008-11-28 11:43:43.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.613 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-28 do 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 20:58 . 2008-11-27 20:58 <DIR> d-------- C:\SDFix
2008-11-27 17:13 . 2008-11-27 17:13 <DIR> d-------- C:\rsit
2008-11-27 14:48 . 2008-11-27 14:48 <DIR> d-------- C:\zprava_806
2008-11-27 14:46 . 2008-11-27 14:46 3,054,988 --a------ C:\zprava_806.zip
2008-11-27 14:38 . 2008-11-27 14:38 1,259,897 --a------ C:\ComboFix.rar
2008-11-27 14:23 . 2008-11-27 14:23 1,529,241 --a------ C:\SDFix.exe
2008-11-26 17:33 . 2008-11-27 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 20:57 . 2008-11-25 20:57 <DIR> d-------- C:\GameHouse Games
2008-11-25 20:56 . 2008-11-26 23:21 <DIR> d-------- c:\program files\RealArcade
2008-11-22 17:25 . 2008-11-22 17:34 <DIR> d-------- c:\program files\EscapetheMuseum_at
2008-11-22 16:15 . 2008-11-22 17:35 <DIR> d-------- c:\program files\SpookyManor_at
2008-11-22 10:19 . 2008-11-22 10:20 <DIR> d-------- c:\program files\SpiritofWanderingTheLegend_at
2008-11-21 22:37 . 2008-11-21 22:37 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Friday's games
2008-11-21 17:10 . 2008-11-22 17:35 <DIR> d-------- c:\program files\MagicEncyclopedia_at
2008-11-21 16:49 . 2008-11-21 16:50 <DIR> d-------- c:\program files\MysteryoftheCrystalPortal_at
2008-11-21 16:46 . 2008-11-27 13:21 <DIR> d-------- c:\program files\SamanthaSwift_at
2008-11-20 19:10 . 2008-11-20 19:10 <DIR> d-------- c:\program files\TreasuresofMysteryIsland_at
2008-11-20 19:10 . 2008-11-20 19:11 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\SecretIslandEng
2008-11-17 18:54 . 2008-11-22 17:30 <DIR> d-------- c:\program files\Alice Greenfingers 2
2008-11-16 22:27 . 2008-11-22 17:35 <DIR> d-------- c:\program files\PopCap Games
2008-11-16 21:11 . 2008-11-16 21:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Zylom
2008-11-15 21:14 . 2008-11-15 21:14 <DIR> d-------- c:\program files\PlayFirst
2008-11-14 17:06 . 2008-11-17 16:26 <DIR> d-------- c:\program files\AliceGreenfingers2_at
2008-11-06 11:51 . 2008-11-06 12:17 <DIR> d-------- c:\program files\OperationMania_at
2008-11-06 11:51 . 2008-11-06 11:51 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Pogo Games
2008-11-04 20:18 . 2008-11-24 20:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PrevxCSI
2008-11-03 17:18 . 2008-11-17 16:28 <DIR> d-------- c:\program files\Cake Mania
2008-11-02 21:30 . 2008-11-28 11:35 <DIR> d-------- c:\program files\NetSoftware
2008-11-01 13:32 . 2008-11-15 20:44 <DIR> d-------- c:\program files\Retro64 Games
2008-10-29 17:50 . 2008-10-29 17:50 <DIR> d-------- c:\program files\Realore
2008-10-28 17:59 . 2008-10-29 21:52 <DIR> d-------- c:\program files\Venice
2008-10-28 14:23 . 2008-10-28 15:50 <DIR> d-------- c:\program files\Cooking Dash

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 13:01 --------- d-----w c:\program files\EA GAMES
2008-11-26 22:14 --------- d-----w c:\documents and settings\Administrator\Data aplikací\GameHouse
2008-11-25 19:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-24 19:33 --------- d-----w c:\program files\GameHouse
2008-11-24 08:53 --------- d-----w c:\program files\Miranda IM
2008-11-22 18:36 --------- d-----w c:\program files\iWin.com
2008-11-22 16:30 --------- d-----w c:\program files\Alawar
2008-11-21 15:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-11-17 15:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 15:26 --------- d-----w c:\program files\Common Files\soft602
2008-11-16 16:52 --------- d-----w c:\program files\Shockwave.com
2008-11-15 20:15 --------- d-----w c:\documents and settings\Administrator\Data aplikací\PlayFirst
2008-11-15 16:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2008-11-15 12:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\Valusoft
2008-11-15 12:37 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Valusoft
2008-11-14 15:59 --------- d-----w c:\documents and settings\All Users\Data aplikací\PlayFirst
2008-11-13 19:31 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Gamelab
2008-11-03 16:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sandlot Games
2008-11-02 11:02 --------- d-----w c:\program files\Google
2008-10-31 13:16 --------- d-----w c:\program files\iWin Games
2008-10-30 08:51 --------- d-----w c:\program files\Anti-Virus&Spyware
2008-10-28 14:50 --------- d-----w c:\program files\Cake Mania 3
2008-10-28 14:47 --------- d-----w c:\program files\RanchRush_at
2008-10-27 18:43 --------- d-----w c:\program files\Garmin GPS Plugin
2008-10-25 10:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fugazo
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 09:18 --------- d-----w c:\program files\Software602
2008-10-24 09:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\WinZip
2008-10-22 14:52 --------- d-----w c:\documents and settings\Administrator\Data aplikací\PetShowCraze
2008-10-18 17:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\iWin
2008-10-18 17:04 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWin
2008-10-18 11:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\MysteryStudio
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\GARMIN
2008-10-18 07:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Download Manager
2008-10-11 18:45 --------- d-----w c:\program files\LambsofDreams_at
2008-10-05 09:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\GameHouse
2008-10-04 15:15 --------- d-----w c:\program files\FarmFrenzy2_at
2008-10-03 11:17 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWin_DressUpRush
2008-10-03 09:38 --------- d-----w c:\documents and settings\Administrator\Data aplikací\BeachPartyCraze
2008-10-02 17:21 --------- d-----w c:\program files\SallysSalon_at
2008-10-02 12:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\Legacy Interactive
2008-10-02 09:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ludia
2008-10-02 09:19 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Ludia
2008-10-01 14:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Astar Games
2008-10-01 09:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fitn17
2008-10-01 09:54 --------- d-----w c:\documents and settings\All Users\Data aplikací\iWin Games
2008-10-01 09:54 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWinArcade
2008-10-01 08:43 --------- d-----w c:\program files\TeddyTavern_at
2008-10-01 08:43 --------- d-----w c:\program files\FitnessFrenzy_at
2008-10-01 08:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SpinTop
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 14:59 7,780 ----a-w c:\documents and settings\Administrator\FMCodec.dat
2008-09-28 14:57 --------- d-----w c:\documents and settings\Administrator\Data aplikací\EleFun Games
2008-09-15 15:40 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-20 21:37 241 ----a-w c:\documents and settings\Administrator\SR.vbs
2008-07-04 15:01 0 ----a-w c:\program files\temp01
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-01 949376]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Adobe Version Cue CS2"="c:\program files\Adobe-skola\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-05-25 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe-skola\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2008-11-02 94208]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Data aplikací\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-10-01 108032]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-04-05 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2006-10-23 9856]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2006-03-24 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2006-03-24 167424]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-04 69120]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2006-03-24 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2006-10-23 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2006-03-24 10496]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2007-11-01 9446]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys []
.
Obsah adresáře 'Naplánované úlohy'

2008-11-27 c:\windows\Tasks\Antispyware Scheduled Scan.job
- c:\program files\Antispyware\Antispyware.exe []

2008-11-27 c:\windows\Tasks\Antispyware Scheduled Scan.job
- c:\program files\Antispyware []

2008-11-27 c:\windows\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_LERCH_Administrator.job
- c:\windows\system32\mobsync.exe [2004-08-17 17:49]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\qc1d6ayl.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 11:44:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
.
Celkový čas: 2008-11-28 11:45:16
ComboFix-quarantined-files.txt 2008-11-28 10:44:43
ComboFix2.txt 2008-11-28 10:42:34
ComboFix3.txt 2008-11-28 10:34:37

Před spuštěním: Volných bajtů: 26 907 463 680
Po spuštění: Volných bajtů: 26,894,405,632

182 --- E O F --- 2008-11-26 21:08:20

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 28 Nov 2008 14:09

Did you create this yourself: C:\zprava_806 ??
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Note: do not use the SELECT ALL function to select the script.

Code:

Folder::
C:\SDFix
c:\program files\Anti-Virus&Spyware
c:\program files\temp01

File::
C:\SDFix.exe

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and drop the script when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Andik
newbie
Posts: 26
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Andik » 28 Nov 2008 15:34

Yes, I created C:\zprava_806 myself.

ComboFix 08-11-27.07 - Administrator 2008-11-28 15:24:21.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.629 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


FILE ::
C:\SDFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Anti-Virus&Spyware
c:\program files\Anti-Virus&Spyware\EGhostLog.txt
c:\program files\temp01\
C:\SDFix
C:\SDFix.exe
c:\sdfix\SDFix\Add_DBFix_RunOnce_key.inf
c:\sdfix\SDFix\apps\assosfix.reg
c:\sdfix\SDFix\apps\Cghtme.exe
c:\sdfix\SDFix\apps\cliptext.exe
c:\sdfix\SDFix\apps\DBFix.inf
c:\sdfix\SDFix\apps\download.exe
c:\sdfix\SDFix\apps\dummy.sys
c:\sdfix\SDFix\apps\Enable_Command_Prompt.inf
c:\sdfix\SDFix\apps\Enable_Command_Prompt.reg
c:\sdfix\SDFix\apps\ERDNT.E_E
c:\sdfix\SDFix\apps\ERDNTDOS.LOC
c:\sdfix\SDFix\apps\ERDNTWIN.LOC
c:\sdfix\SDFix\apps\ERUNT.EXE
c:\sdfix\SDFix\apps\ERUNT.LOC
c:\sdfix\SDFix\apps\fix.reg
c:\sdfix\SDFix\apps\FixBeep.reg
c:\sdfix\SDFix\apps\FixBH.reg
c:\sdfix\SDFix\apps\FixComponents.reg
c:\sdfix\SDFix\apps\FIXCU.reg
c:\sdfix\SDFix\apps\FIXLM.reg
c:\sdfix\SDFix\apps\FixPath.exe
c:\sdfix\SDFix\apps\FixRedir.reg
c:\sdfix\SDFix\apps\FixSchedule.reg
c:\sdfix\SDFix\apps\FixWebCheck.reg
c:\sdfix\SDFix\apps\fixXP.reg
c:\sdfix\SDFix\apps\FixXPsp2.reg
c:\sdfix\SDFix\apps\grep.exe
c:\sdfix\SDFix\apps\HaxdFix.reg
c:\sdfix\SDFix\apps\HPFix.reg
c:\sdfix\SDFix\apps\HPFix2.reg
c:\sdfix\SDFix\apps\HPFix3.reg
c:\sdfix\SDFix\apps\HPFix4.reg
c:\sdfix\SDFix\apps\HPFix5.reg
c:\sdfix\SDFix\apps\HPFix6.reg
c:\sdfix\SDFix\apps\HPFix7.reg
c:\sdfix\SDFix\apps\HPFix8.reg
c:\sdfix\SDFix\apps\HPFix9.reg
c:\sdfix\SDFix\apps\Installed.txt
c:\sdfix\SDFix\apps\isadmin.exe
c:\sdfix\SDFix\apps\leg2.txt
c:\sdfix\SDFix\apps\legacy.txt
c:\sdfix\SDFix\apps\legacybk.txt
c:\sdfix\SDFix\apps\locate.com
c:\sdfix\SDFix\apps\LS.exe
c:\sdfix\SDFix\apps\MD5File.exe
c:\sdfix\SDFix\apps\moveex.exe
c:\sdfix\SDFix\apps\MyGcpvFix.reg
c:\sdfix\SDFix\apps\MyGkFix2.reg
c:\sdfix\SDFix\apps\Process.exe
c:\sdfix\SDFix\apps\procs.exe
c:\sdfix\SDFix\apps\psservice.exe
c:\sdfix\SDFix\apps\Rem.txt
c:\sdfix\SDFix\apps\Rem2.txt
c:\sdfix\SDFix\apps\Replace\regedit.exe
c:\sdfix\SDFix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\SDFix\apps\Replace\w2k\beep.sys
c:\sdfix\SDFix\apps\Replace\w2k\command.com
c:\sdfix\SDFix\apps\Replace\w2k\command.PIF
c:\sdfix\SDFix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\SDFix\apps\Replace\w2k\null.sys
c:\sdfix\SDFix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\SDFix\apps\Replace\xp\beep.sys
c:\sdfix\SDFix\apps\Replace\xp\command.com
c:\sdfix\SDFix\apps\Replace\xp\command.PIF
c:\sdfix\SDFix\apps\Replace\xp\CONFIG.NT
c:\sdfix\SDFix\apps\Replace\xp\null.sys
c:\sdfix\SDFix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\SDFix\apps\RestartIt!.exe
c:\sdfix\SDFix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\SDFix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\SDFix\apps\Restore_SecurityCenter.reg
c:\sdfix\SDFix\apps\Restore_SharedAccess.reg
c:\sdfix\SDFix\apps\sc.exe
c:\sdfix\SDFix\apps\sed.exe
c:\sdfix\SDFix\apps\SF.exe
c:\sdfix\SDFix\apps\shutdown.exe
c:\sdfix\SDFix\apps\srv2.txt
c:\sdfix\SDFix\apps\srv2bk.txt
c:\sdfix\SDFix\apps\svc.txt
c:\sdfix\SDFix\apps\svcbk.txt
c:\sdfix\SDFix\apps\Swreg.exe
c:\sdfix\SDFix\apps\swsc.exe
c:\sdfix\SDFix\apps\UnRAR.exe
c:\sdfix\SDFix\apps\unzip.exe
c:\sdfix\SDFix\apps\vfind.exe
c:\sdfix\SDFix\apps\WINMSG.EXE
c:\sdfix\SDFix\apps\winsec.reg
c:\sdfix\SDFix\apps\zip.exe
c:\sdfix\SDFix\backups\backupreg.zip
c:\sdfix\SDFix\backups\backups.zip
c:\sdfix\SDFix\backups\catchme.log
c:\sdfix\SDFix\backups\catchme.zip
c:\sdfix\SDFix\backups\HOSTS
c:\sdfix\SDFix\catchme.exe
c:\sdfix\SDFix\DBFix.bat
c:\sdfix\SDFix\dummy.sys
c:\sdfix\SDFix\Report.txt
c:\sdfix\SDFix\RunThis.bat
c:\sdfix\SDFix\SDFIX_ReadMe_Online.url
c:\sdfix\SDFix\W2K_VirusAlert_Repair.inf
c:\sdfix\SDFix\XP_VirusAlert_Repair.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-28 do 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 17:13 . 2008-11-27 17:13 <DIR> d-------- C:\rsit
2008-11-27 14:48 . 2008-11-27 14:48 <DIR> d-------- C:\zprava_806
2008-11-27 14:46 . 2008-11-27 14:46 3,054,988 --a------ C:\zprava_806.zip
2008-11-27 14:38 . 2008-11-27 14:38 1,259,897 --a------ C:\ComboFix.rar
2008-11-26 17:33 . 2008-11-27 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 20:57 . 2008-11-25 20:57 <DIR> d-------- C:\GameHouse Games
2008-11-25 20:56 . 2008-11-26 23:21 <DIR> d-------- c:\program files\RealArcade
2008-11-22 17:25 . 2008-11-22 17:34 <DIR> d-------- c:\program files\EscapetheMuseum_at
2008-11-22 16:15 . 2008-11-22 17:35 <DIR> d-------- c:\program files\SpookyManor_at
2008-11-22 10:19 . 2008-11-22 10:20 <DIR> d-------- c:\program files\SpiritofWanderingTheLegend_at
2008-11-21 22:37 . 2008-11-21 22:37 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Friday's games
2008-11-21 17:10 . 2008-11-22 17:35 <DIR> d-------- c:\program files\MagicEncyclopedia_at
2008-11-21 16:49 . 2008-11-21 16:50 <DIR> d-------- c:\program files\MysteryoftheCrystalPortal_at
2008-11-21 16:46 . 2008-11-27 13:21 <DIR> d-------- c:\program files\SamanthaSwift_at
2008-11-20 19:10 . 2008-11-20 19:10 <DIR> d-------- c:\program files\TreasuresofMysteryIsland_at
2008-11-20 19:10 . 2008-11-20 19:11 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\SecretIslandEng
2008-11-17 18:54 . 2008-11-22 17:30 <DIR> d-------- c:\program files\Alice Greenfingers 2
2008-11-16 22:27 . 2008-11-22 17:35 <DIR> d-------- c:\program files\PopCap Games
2008-11-16 21:11 . 2008-11-16 21:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Zylom
2008-11-15 21:14 . 2008-11-15 21:14 <DIR> d-------- c:\program files\PlayFirst
2008-11-14 17:06 . 2008-11-17 16:26 <DIR> d-------- c:\program files\AliceGreenfingers2_at
2008-11-06 11:51 . 2008-11-06 12:17 <DIR> d-------- c:\program files\OperationMania_at
2008-11-06 11:51 . 2008-11-06 11:51 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Pogo Games
2008-11-04 20:18 . 2008-11-24 20:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PrevxCSI
2008-11-03 17:18 . 2008-11-17 16:28 <DIR> d-------- c:\program files\Cake Mania
2008-11-02 21:30 . 2008-11-28 15:20 <DIR> d-------- c:\program files\NetSoftware
2008-11-01 13:32 . 2008-11-15 20:44 <DIR> d-------- c:\program files\Retro64 Games
2008-10-29 17:50 . 2008-10-29 17:50 <DIR> d-------- c:\program files\Realore
2008-10-28 17:59 . 2008-10-29 21:52 <DIR> d-------- c:\program files\Venice
2008-10-28 14:23 . 2008-10-28 15:50 <DIR> d-------- c:\program files\Cooking Dash

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 13:01 --------- d-----w c:\program files\EA GAMES
2008-11-26 22:14 --------- d-----w c:\documents and settings\Administrator\Data aplikací\GameHouse
2008-11-25 19:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-24 19:33 --------- d-----w c:\program files\GameHouse
2008-11-24 08:53 --------- d-----w c:\program files\Miranda IM
2008-11-22 18:36 --------- d-----w c:\program files\iWin.com
2008-11-22 16:30 --------- d-----w c:\program files\Alawar
2008-11-21 15:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-11-17 15:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 15:26 --------- d-----w c:\program files\Common Files\soft602
2008-11-16 16:52 --------- d-----w c:\program files\Shockwave.com
2008-11-15 20:15 --------- d-----w c:\documents and settings\Administrator\Data aplikací\PlayFirst
2008-11-15 16:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2008-11-15 12:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\Valusoft
2008-11-15 12:37 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Valusoft
2008-11-14 15:59 --------- d-----w c:\documents and settings\All Users\Data aplikací\PlayFirst
2008-11-13 19:31 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Gamelab
2008-11-03 16:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sandlot Games
2008-11-02 11:02 --------- d-----w c:\program files\Google
2008-10-31 13:16 --------- d-----w c:\program files\iWin Games
2008-10-28 14:50 --------- d-----w c:\program files\Cake Mania 3
2008-10-28 14:47 --------- d-----w c:\program files\RanchRush_at
2008-10-27 18:43 --------- d-----w c:\program files\Garmin GPS Plugin
2008-10-25 10:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fugazo
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 09:18 --------- d-----w c:\program files\Software602
2008-10-24 09:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\WinZip
2008-10-22 14:52 --------- d-----w c:\documents and settings\Administrator\Data aplikací\PetShowCraze
2008-10-18 17:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\iWin
2008-10-18 17:04 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWin
2008-10-18 11:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\MysteryStudio
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrator\Data aplikací\GARMIN
2008-10-18 07:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Download Manager
2008-10-11 18:45 --------- d-----w c:\program files\LambsofDreams_at
2008-10-05 09:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\GameHouse
2008-10-04 15:15 --------- d-----w c:\program files\FarmFrenzy2_at
2008-10-03 11:17 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWin_DressUpRush
2008-10-03 09:38 --------- d-----w c:\documents and settings\Administrator\Data aplikací\BeachPartyCraze
2008-10-02 17:21 --------- d-----w c:\program files\SallysSalon_at
2008-10-02 12:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\Legacy Interactive
2008-10-02 09:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ludia
2008-10-02 09:19 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Ludia
2008-10-01 14:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Astar Games
2008-10-01 09:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fitn17
2008-10-01 09:54 --------- d-----w c:\documents and settings\All Users\Data aplikací\iWin Games
2008-10-01 09:54 --------- d-----w c:\documents and settings\Administrator\Data aplikací\iWinArcade
2008-10-01 08:43 --------- d-----w c:\program files\TeddyTavern_at
2008-10-01 08:43 --------- d-----w c:\program files\FitnessFrenzy_at
2008-10-01 08:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SpinTop
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 14:59 7,780 ----a-w c:\documents and settings\Administrator\FMCodec.dat
2008-09-28 14:57 --------- d-----w c:\documents and settings\Administrator\Data aplikací\EleFun Games
2008-09-15 15:40 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-20 21:37 241 ----a-w c:\documents and settings\Administrator\SR.vbs
2008-07-04 15:01 0 ----a-w c:\program files\temp01
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-01 949376]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Adobe Version Cue CS2"="c:\program files\Adobe-skola\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-05-25 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe-skola\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2008-11-02 94208]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Data aplikací\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-10-01 108032]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-04-05 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2006-10-23 9856]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2006-03-24 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2006-03-24 167424]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-04 69120]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2006-03-24 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2006-10-23 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2006-03-24 10496]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2007-11-01 9446]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys []

*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'

2008-11-27 c:\windows\Tasks\Antispyware Scheduled Scan.job
- c:\program files\Antispyware\Antispyware.exe []

2008-11-27 c:\windows\Tasks\Antispyware Scheduled Scan.job
- c:\program files\Antispyware []

2008-11-27 c:\windows\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_LERCH_Administrator.job
- c:\windows\system32\mobsync.exe [2004-08-17 17:49]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 15:26:24
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
.
Celkový čas: 2008-11-28 15:27:33
ComboFix-quarantined-files.txt 2008-11-28 14:26:50
ComboFix2.txt 2008-11-28 10:45:18
ComboFix3.txt 2008-11-28 10:42:34
ComboFix4.txt 2008-11-28 10:34:37

Před spuštěním: Volných bajtů: 26 898 489 344
Po spuštění: Volných bajtů: 26,879,672,320

291 --- E O F --- 2008-11-26 21:08:20

