Page 1 of 2

Please check my log - PC freezes

Posted: 27 Aug 2008 05:07
by bruno
Please check it, I think there is some junk in there.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:00: VIRUS ALERT!, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: TyphoonDesktop.lnk = C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6290450203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7548263984
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: pdoskegl - {ADD1B9D1-0AB6-4C2D-880A-86B5A5CEB019} - (no file)
O21 - SSODL: rqbmvpso - {89D19570-8B19-4A89-8023-98C92F146D24} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.bestwallpapers.sk/albums/3d/ ... d_0634.jpg

--
End of file - 5912 bytes

Re: Please check my log - PC freezes

Posted: 27 Aug 2008 08:02
by bruno
I am also posting the log from MWAV.
Soubor C:\DOCUME~1\BRUNO~1.JA-\LOCALS~1\Temp\79_003.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Application Data\AppSnap\cache\Win32OpenSSL-0_9_8g.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Local Settings\temp\79_003.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Bruno.JA-3A4C675D4C38\My Documents\My Downloads\installer_125.exe indentifikován jako "not-a-virus:FraudTool.Win32.SpywareIsolator.t". Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004811.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004812.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004813.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004814.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004820.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.

Re: Please check my log - PC freezes

Posted: 27 Aug 2008 10:12
by fredik
You are missing basic protection there, so install at least an antivirus.

Fix these items in HJT:
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O21 - SSODL: pdoskegl - {ADD1B9D1-0AB6-4C2D-880A-86B5A5CEB019} - (no file)
O21 - SSODL: rqbmvpso - {89D19570-8B19-4A89-8023-98C92F146D24} - (no file)

Test this on VirusTotal:
C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
Just copy the whole path into the empty box on that page and hit send. Then paste the result here if it finds anything.

Download SDFix
- Run it and it will extract to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; that starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system boots, the program will start again and finish the cleaning process. When Finish appears, you will have to press any key when prompted; that closes the program and your desktop icons will appear.
- When the desktop icons have finished loading, the SDFix log will open on screen and it is also saved in the folder where SDFix was extracted as Report.txt
Then copy its contents here + a new HJT log + check whether any icons are missing under Start and whether your drives show up under My Computer....

Re: Please check my log - PC freezes

Posted: 27 Aug 2008 11:25
by bruno
Thanks a lot, I am a happy man that you took me under your wing personally!!
I can't check it on VirusTotal - it won't connect, I don't know what to do next.

Re: Please check my log - PC freezes

Posted: 27 Aug 2008 13:24
by fredik
If it can't be tested, skip that step and carry on.

Re: Please check my log - PC freezes

Posted: 27 Aug 2008 14:12
by bruno
Sending the LOGS

SDFix: Version 1.219
Run by Bruno on st 08/27/2008 at 01:47

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted



Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\Secure Solutions - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 13:58:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff0cf1a]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,07,0b,71,ba,de,6e,29,27,9b,fc,58,94,f1,c8,82,78,d3,21,17,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,07,0b,71,ba,de,6e,29,27,9b,fc,58,94,f1,c8,82,78,d3,21,17,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,07,0b,71,ba,de,6e,29,27,9b,fc,58,94,f1,c8,82,78,d3,21,17,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0013eff0cf1a]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,07,0b,71,ba,de,6e,29,27,9b,fc,58,94,f1,c8,82,78,d3,21,17,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 9 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv07.tmp"
Tue 29 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:48 , on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: TyphoonDesktop.lnk = C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6290450203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7548263984
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.bestwallpapers.sk/albums/3d/ ... d_0634.jpg

--
End of file - 5783 bytes

Re: Please check my log - PC freezes

Posted: 27 Aug 2008 14:32
by bruno
VIRUS TOTAL
AhnLab-V3 2008.8.27.1 2008.08.27 -
AntiVir 7.8.1.23 2008.08.27 -
Authentium 5.1.0.4 2008.08.27 -
Avast 4.8.1195.0 2008.08.26 -
AVG 8.0.0.161 2008.08.27 -
BitDefender 7.2 2008.08.27 -
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.27 -
DrWeb 4.44.0.09170 2008.08.27 -
eSafe 7.0.17.0 2008.08.26 Suspicious File
eTrust-Vet 31.6.6050 2008.08.26 -
Ewido 4.0 2008.08.27 -
F-Prot 4.4.4.56 2008.08.27 -
Fortinet 3.14.0.0 2008.08.26 -
GData 19 2008.08.27 -
Ikarus T3.1.1.34.0 2008.08.27 -
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.27 -
McAfee 5370 2008.08.26 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3391 2008.08.27 -
Norman 5.80.02 2008.08.26 -
Panda 9.0.0.4 2008.08.26 -
PCTools 4.4.2.0 2008.08.26 -
Prevx1 V2 2008.08.27 -
Rising 20.59.21.00 2008.08.27 -
Sophos 4.32.0 2008.08.27 Sus/Spy-B
Sunbelt 3.1.1582.1 2008.08.26 -
Symantec 10 2008.08.27 -
TheHacker 6.3.0.6.060 2008.08.23 -
TrendMicro 8.700.0.1004 2008.08.27 -
VBA32 3.12.8.4 2008.08.26 -
ViRobot 2008.8.27.1352 2008.08.27 -
VirusBuster 4.5.11.0 2008.08.26 -
Webwasher-Gateway 6.6.2 2008.08.27 -
Additional information

Re: Please check my log - PC freezes

Posted: 27 Aug 2008 17:14
by fredik
Try posting a CF log as well:
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its whole contents here

Re: Please check my log - PC freezes

Posted: 27 Aug 2008 18:49
by bruno
Hi, greetings. I am sending the ComboFix log, I hope it is OK. Kaspersky antivirus detected it as a trojan but I clicked allow. All the icons appeared, but Kaspersky did not (on the bottom bar).
ComboFix 08-08-26.03 - Bruno 2008-08-27 17:57:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.142 [GMT 2:00]
Running from: C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Adobe\crc.dat
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\inst.exe
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\macromedia\Flash Player\#SharedObjects\QBC2PNSM\bin.clearspring.com
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\macromedia\Flash Player\#SharedObjects\QBC2PNSM\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\BHNnmUvw.ini
C:\WINDOWS\system32\BHNnmUvw.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 14:51 . 2008-08-27 18:22 1,851,168 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-27 14:51 . 2008-08-27 15:03 96,976 --a--c--- C:\WINDOWS\system32\drivers\klin.dat
2008-08-27 14:51 . 2008-08-27 15:03 87,855 --a--c--- C:\WINDOWS\system32\drivers\klick.dat
2008-08-27 14:51 . 2008-08-27 18:22 27,884 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-27 14:50 . 2008-08-27 14:50 <DIR> d----c--- C:\Program Files\Kaspersky Lab
2008-08-27 14:50 . 2008-08-27 15:07 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-27 14:50 . 2008-08-27 18:25 12,320 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-27 14:50 . 2008-08-27 18:22 2,156 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-27 13:45 . 2008-08-27 13:59 <DIR> d----c--- C:\SDFix
2008-08-27 13:01 . 2008-08-27 13:01 <DIR> d----c--- C:\WINDOWS\erunt
2008-08-27 07:41 . 2008-08-27 07:41 0 --a--c--- C:\23990098.$$$
2008-08-27 05:21 . 2008-08-27 05:27 52 --a--c--- C:\WINDOWS\Lic.xxx
2008-08-27 05:20 . 2008-08-27 05:20 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\MicroWorld
2008-08-27 05:20 . 2004-08-04 01:56 146,432 --a--c--- C:\WINDOWS\R.COM
2008-08-27 05:20 . 2004-08-04 01:56 135,680 --a--c--- C:\WINDOWS\system32\T.COM
2008-08-27 01:34 . 2008-08-27 15:07 <DIR> d----c--- C:\WINDOWS\system32\CatRoot2
2008-08-26 23:17 . 2008-08-26 23:17 <DIR> d----c--- C:\Program Files\Trend Micro
2008-08-26 18:26 . 2008-08-26 18:26 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\services
2008-08-26 18:26 . 2008-08-26 19:57 12,288 --a--c--- C:\WINDOWS\system32\tdssserf.dll
2008-08-26 18:24 . 2008-08-26 17:57 86,016 --a--c--- C:\WINDOWS\rvoelbxt.exe
2008-08-26 18:03 . 2008-08-26 18:03 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Thinstall
2008-08-26 11:59 . 2008-08-26 11:59 491,520 --a--c--- C:\WINDOWS\WebIE.dll
2008-08-26 11:56 . 2008-08-26 12:23 <DIR> d----c--- C:\TRANSLAT
2008-08-26 11:56 . 2008-08-26 18:15 4,562 --a--c--- C:\WINDOWS\WTRAN32.INI
2008-08-26 11:56 . 2008-08-26 19:15 2,497 --a--c--- C:\WINDOWS\TRNCOM.INI
2008-08-26 11:56 . 2008-08-26 14:39 1,854 --a--c--- C:\WINDOWS\WDICT32.INI
2008-08-26 11:56 . 2008-08-27 17:50 1,802 --a--c--- C:\WINDOWS\MAILTRAN.INI
2008-08-26 10:56 . 2008-08-26 10:56 356,352 --a--c--- C:\WINDOWS\TrnOutl.dll
2008-08-26 10:56 . 2008-08-26 10:56 294,912 --a--c--- C:\WINDOWS\TrnWord.dll
2008-08-26 10:56 . 2008-08-26 10:56 45,056 --a--c--- C:\WINDOWS\TRNOEH.DLL
2008-08-26 10:56 . 2008-08-26 12:14 42 --a--c--- C:\WINDOWS\WTRDCTM.INI
2008-08-26 10:54 . 2008-08-26 11:57 516,096 --a--c--- C:\WINDOWS\UN32.EXE
2008-08-26 10:54 . 2008-08-26 11:57 2,753 --a--c--- C:\WINDOWS\UN32P.INI
2008-08-25 18:48 . 2008-08-25 18:48 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-08-24 16:43 . 2008-08-24 16:43 <DIR> d----c--- C:\Program Files\ReflexiveArcade
2008-08-23 23:22 . 2008-08-23 23:22 <DIR> d----c--- C:\users
2008-08-23 23:22 . 2008-08-24 16:33 <DIR> d----c--- C:\My Games
2008-08-23 23:21 . 2008-08-24 17:36 <DIR> d----c--- C:\Program Files\RealArcade
2008-08-21 16:36 . 2008-08-21 16:36 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-21 16:36 . 2008-08-21 16:36 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-21 16:27 . 2008-08-21 17:53 <DIR> d----c--- C:\Program Files\PC Connectivity Solution
2008-08-20 12:34 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\drivers\bthpan.sys
2008-08-20 12:34 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-08-20 12:33 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\irftp.exe
2008-08-20 12:33 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-20 12:33 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\drivers\rfcomm.sys
2008-08-20 12:33 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-08-20 12:33 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\irmon.dll
2008-08-20 12:33 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-20 12:33 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\wshirda.dll
2008-08-20 12:33 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-19 21:39 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\drivers\bthenum.sys
2008-08-19 21:39 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\bthenum.sys
2008-08-19 15:13 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-08-19 15:13 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-08-19 15:10 . 2005-07-30 03:55 90,624 --a--c--- C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-08-19 15:10 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\drivers\kstvtune.ax
2008-08-19 15:10 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-08-19 15:10 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\drivers\ksxbar.ax
2008-08-19 15:10 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\drivers\vidcap.ax
2008-08-18 22:09 . 2008-08-18 22:09 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Ludia
2008-08-18 22:09 . 2008-08-18 22:09 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-08-18 22:08 . 2008-08-18 22:08 <DIR> d----c--- C:\WINDOWS\Hell's Kitchen
2008-08-18 18:13 . 2008-08-18 18:13 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
2008-08-18 18:08 . 2008-08-18 18:08 <DIR> d----c--- C:\WINDOWS\Fairy Jewels 2
2008-08-14 21:13 . 2008-08-14 21:13 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Vso
2008-08-14 21:13 . 2008-08-14 21:13 47,360 --a--c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\pcouffin.sys
2008-08-14 16:23 . 2008-08-14 16:23 <DIR> d----c--- C:\WINDOWS\Bloom Busters
2008-08-10 15:19 . 2008-08-10 15:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\iWin
2008-08-10 09:27 . 2008-08-21 16:36 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-08-10 09:24 . 2008-08-10 09:24 <DIR> d----c--- C:\Program Files\DIFX
2008-08-10 09:21 . 2008-08-21 16:25 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-08-09 23:44 . 2008-08-21 16:51 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Nokia
2008-08-09 23:44 . 2008-08-09 23:44 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\DataLayer
2008-08-09 23:30 . 2008-08-21 16:36 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\PC Suite
2008-08-09 23:29 . 2008-08-10 09:23 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-08-09 23:27 . 2008-08-09 23:27 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Leadertech
2008-08-09 23:25 . 2008-08-10 12:48 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\AdobeUM
2008-08-09 23:25 . 2008-08-09 23:25 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\AdobeAUM
2008-08-09 23:08 . 2008-08-10 09:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Phone Browser
2008-08-09 23:07 . 2008-08-26 11:36 <DIR> d----c--- C:\Program Files\Common Files\PCSuite
2008-08-09 23:06 . 2008-08-26 11:36 <DIR> d----c--- C:\Program Files\Nokia
2008-08-07 19:30 . 2008-08-07 19:30 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\MysteryStudio
2008-08-07 19:30 . 2008-08-07 19:36 311 --a--c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\bbbconfig.dat
2008-08-06 23:02 . 2008-08-06 23:02 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-08-06 22:45 . 2008-08-06 22:45 <DIR> d----c--- C:\WINDOWS\16 Big Fish Games
2008-08-05 12:42 . 2008-06-17 15:14 499,712 --a--c--- C:\WINDOWS\system32\msvcp71.dll
2008-08-05 12:42 . 2008-06-17 15:17 348,160 --a--c--- C:\WINDOWS\system32\msvcr71.dll
2008-08-04 18:50 . 2008-08-08 15:57 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Winamp
2008-08-03 06:35 . 2008-08-03 06:35 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\TyphoonTools
2008-08-03 06:33 . 2008-08-03 06:34 <DIR> d----c--- C:\Program Files\TyphoonTools
2008-08-02 14:50 . 2008-08-27 18:23 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\OpenOffice.org2
2008-08-02 13:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-01 10:02 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-01 01:19 . 2008-08-01 01:19 <DIR> d----c--- C:\Program Files\Uniblue
2008-08-01 01:19 . 2008-08-01 01:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Uniblue
2008-08-01 00:57 . 2008-08-01 01:04 <DIR> d----c--- C:\Program Files\Windows Desktop Search
2008-08-01 00:47 . 2008-08-01 00:47 355,584 --a--c--- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-31 22:18 . 2008-07-31 22:18 <DIR> d---sc--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\UserData
2008-07-31 22:05 . 2008-05-29 09:28 28,416 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
2008-07-31 19:18 . 2008-08-26 23:14 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-07-31 19:18 . 2008-08-26 21:58 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\SUPERAntiSpyware.com
2008-07-31 19:18 . 2008-07-31 19:18 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-07-31 18:56 . 2008-07-31 19:01 <DIR> d----c--- C:\Program Files\SpywareBlaster
2008-07-31 18:56 . 2005-04-15 20:58 1,071,088 --a--c--- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-31 18:56 . 2005-08-25 19:18 118,784 --a--c--- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-31 15:28 . 2008-07-31 15:28 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\TuneUp Software
2008-07-31 14:24 . 2008-08-27 18:24 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\skypePM
2008-07-31 14:23 . 2008-08-27 18:24 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Skype
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-07-31 13:24 . 2004-08-04 06:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-31 13:23 . 2004-08-04 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-31 13:22 . 2004-08-04 01:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-31 13:06 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-31 13:02 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\spxcoins.dll
2008-07-31 13:02 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-07-31 13:02 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\irclass.dll
2008-07-31 13:02 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-07-31 12:36 . 2008-07-31 12:36 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\MiniDm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 13:04 112,144 -c--a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-27 12:49 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-08-26 21:14 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 17:20 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-26 12:02 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-08-23 18:18 --------- dc----w C:\Program Files\directx
2008-08-20 10:39 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-08-08 13:57 --------- dc----w C:\Program Files\Winamp
2008-08-02 12:26 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-25 07:20 --------- dc----w C:\Program Files\Yahoo! Games
2008-07-24 19:40 --------- dc----w C:\Program Files\PopCap Games
2008-07-24 19:29 --------- dc----w C:\Program Files\TryMedia
2008-07-24 01:45 --------- dc----w C:\Program Files\Xvid CZ
2008-07-23 17:26 --------- dc----w C:\Program Files\Oberon Media
2008-07-23 04:57 --------- dc----w C:\Program Files\Codec Pack - All In 1
2008-07-23 03:18 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-23 02:30 717,296 -c--a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-18 23:10 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-07-18 23:01 --------- dc----w C:\Program Files\Webteh
2008-07-18 16:26 --------- dc----w C:\Program Files\Java
2008-07-18 00:51 --------- dc----w C:\Program Files\Common Files\Oberon Media
2008-07-17 16:43 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-07-17 10:52 --------- dc----w C:\Program Files\OpenOffice.org 2.4
2008-07-17 10:13 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-07-17 09:58 --------- dc----w C:\Program Files\Realtek AC97
2008-07-17 08:36 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\OpenOffice.org2
2008-07-17 08:27 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\Skype
2008-07-17 08:22 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\skypePM
2008-07-16 05:25 --------- dc----w C:\Program Files\Common Files\BOONTY Shared
2008-07-16 04:18 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\Winamp
2008-07-15 07:38 --------- dc----w C:\Program Files\MSXML 6.0
2008-07-15 07:36 --------- dc----w C:\Program Files\MSXML 4.0
2008-07-15 07:15 --------- dc----w C:\Program Files\readmes
2008-07-15 07:15 --------- dc----w C:\Program Files\licenses
2008-07-15 07:00 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\OpenOffice.org3
2008-07-15 02:40 --------- dc----w C:\Program Files\BitLord
2008-07-14 22:54 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\TuneUp Software
2008-07-12 20:19 --------- dc----w C:\Program Files\Support Tools
2008-07-12 14:55 --------- dc----w C:\Program Files\Application Compatibility Toolkit
2008-07-12 07:42 --------- dc----w C:\Program Files\Vimicro
2008-07-11 13:38 --------- dc----w C:\Program Files\ATI Technologies
2008-07-08 13:48 --------- dc----w C:\Documents and Settings\admin\Application Data\Skype
2008-07-08 09:12 --------- dc----w C:\Documents and Settings\admin\Application Data\skypePM
2008-07-08 06:47 --------- dc----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-07-07 20:06 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-06 18:26 --------- dc----w C:\Documents and Settings\admin\Application Data\Uniblue
2008-07-02 18:49 --------- dc----w C:\Documents and Settings\admin\Application Data\ESET
2008-07-02 15:08 --------- dc----w C:\Program Files\Common Files\Java
2008-06-30 13:40 --------- dc----w C:\Documents and Settings\admin\Application Data\Winamp
2008-06-30 12:12 --------- dc----w C:\Documents and Settings\admin\Application Data\MusicIP
2008-06-28 09:24 --------- dc----w C:\Program Files\Common Files\DFX
2008-06-24 16:28 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:12 667,136 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:36 245,248 -c--a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 04:05 593,920 -c--a-w C:\WINDOWS\system32\ati2sgag.exe
2008-06-03 03:46 10,276,864 -c--a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 -c--a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 -c--a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 -c--a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 -c--a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 -c--a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 -c--a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 -c--a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 -c--a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 -c--a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 -c--a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 -c--a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 -c--a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 -c--a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 -c--a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 -c--a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 -c--a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 -c--a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 -c--a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 -c--a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-11 09:44 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys
2007-08-18 11:17 20,344 -c--a-w C:\Documents and Settings\admin\Application Data\Pamela_Crash_46C6D53C.zip
2006-10-13 16:29 93 -c--a-w C:\Program Files\FICS.INI
2006-10-12 21:18 93 -c--a-w C:\Program Files\ITCS.INI
2006-10-02 20:11 93 -c--a-w C:\Program Files\RUCS.INI
2006-10-02 20:11 93 -c--a-w C:\Program Files\GRCS.INI
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-07-01 08:06 148480]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 20:37 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-31 00:18:42 393216]

C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-31 00:18:42 393216]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
TyphoonDesktop.lnk - C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe [2008-08-03 06:34:36 1093632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Czech\\setup.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-01 00:47]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

BHO-{851CA37E-5CB1-488A-AB26-3B165BDDF73C} - C:\WINDOWS\system32\wvUmnNHB.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Mozilla\Firefox\Profiles\4ece72qn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.zoznam.sk/?
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 18:24:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-08-27 18:30:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 16:29:55

Pre-Run: 14,844,858,368 bytes free
Post-Run: 14,889,951,232 bytes free


Re: Please check my log, PC freezes

Posted: 28 Aug 2008 07:33
by fredik
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following complete text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script

Code:

File::
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\rvoelbxt.exe

Folder::
C:\Program Files\Common Files\BOONTY Shared

Choose File -> Save as... and set these parameters:
File name: type: CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded, renamed ComboFix.exe program, and when the two files overlap, drop the script
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Re: Please check my log, PC freezes

Posted: 28 Aug 2008 10:57
by bruno
Hi, greetings. I'm sending the ComboFix log.
I'd also like to ask: Kaspersky is detecting these things there, and the scan is not finished yet
odstraněno: virus EICAR-Test-File Soubor: C:\DOCUME~1\BRUNO~1.JA-\LOCALS~1\Temp\Av-test.txt

zjištěno: Trojský kůň Trojan.Win32.Agent.ynz Adresa URL: http://cokkeren83.googlepages.com/8.595 ... h.UPX//UPX
nebylo nalezeno: virus Heur.Invader (varianta) Soubor: c:\documents and settings\bruno.ja-3a4c675d4c38\desktop\combofix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
ComboFix 08-08-27.05 - Bruno 2008-08-28 10:10:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.267 [GMT 2:00]
Running from: C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\rvoelbxt.exe
C:\WINDOWS\system32\tdssserf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\rvoelbxt.exe
C:\WINDOWS\system32\tdssserf.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-27 14:51 . 2008-08-28 10:17 5,657,376 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-27 14:51 . 2008-08-27 15:03 96,976 --a--c--- C:\WINDOWS\system32\drivers\klin.dat
2008-08-27 14:51 . 2008-08-27 15:03 87,855 --a--c--- C:\WINDOWS\system32\drivers\klick.dat
2008-08-27 14:51 . 2008-08-28 10:14 79,928 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-27 14:50 . 2008-08-27 14:50 <DIR> d----c--- C:\Program Files\Kaspersky Lab
2008-08-27 14:50 . 2008-08-28 09:33 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-27 14:50 . 2008-08-28 10:15 25,376 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-27 14:50 . 2008-08-28 10:14 4,424 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-27 13:45 . 2008-08-27 13:59 <DIR> d----c--- C:\SDFix
2008-08-27 13:01 . 2008-08-27 13:01 <DIR> d----c--- C:\WINDOWS\erunt
2008-08-27 07:41 . 2008-08-27 07:41 0 --a--c--- C:\23990098.$$$
2008-08-27 05:21 . 2008-08-27 05:27 52 --a--c--- C:\WINDOWS\Lic.xxx
2008-08-27 05:20 . 2008-08-27 05:20 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\MicroWorld
2008-08-27 05:20 . 2004-08-04 01:56 146,432 --a--c--- C:\WINDOWS\R.COM
2008-08-27 05:20 . 2004-08-04 01:56 135,680 --a--c--- C:\WINDOWS\system32\T.COM
2008-08-27 01:34 . 2008-08-28 09:33 <DIR> d----c--- C:\WINDOWS\system32\CatRoot2
2008-08-26 23:17 . 2008-08-26 23:17 <DIR> d----c--- C:\Program Files\Trend Micro
2008-08-26 18:26 . 2008-08-26 18:26 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\services
2008-08-26 18:03 . 2008-08-26 18:03 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Thinstall
2008-08-26 11:59 . 2008-08-26 11:59 491,520 --a--c--- C:\WINDOWS\WebIE.dll
2008-08-26 11:56 . 2008-08-26 12:23 <DIR> d----c--- C:\TRANSLAT
2008-08-26 11:56 . 2008-08-26 18:15 4,562 --a--c--- C:\WINDOWS\WTRAN32.INI
2008-08-26 11:56 . 2008-08-28 10:05 2,529 --a--c--- C:\WINDOWS\TRNCOM.INI
2008-08-26 11:56 . 2008-08-26 14:39 1,854 --a--c--- C:\WINDOWS\WDICT32.INI
2008-08-26 11:56 . 2008-08-28 09:59 1,802 --a--c--- C:\WINDOWS\MAILTRAN.INI
2008-08-26 10:56 . 2008-08-26 10:56 356,352 --a--c--- C:\WINDOWS\TrnOutl.dll
2008-08-26 10:56 . 2008-08-26 10:56 294,912 --a--c--- C:\WINDOWS\TrnWord.dll
2008-08-26 10:56 . 2008-08-26 10:56 45,056 --a--c--- C:\WINDOWS\TRNOEH.DLL
2008-08-26 10:56 . 2008-08-26 12:14 42 --a--c--- C:\WINDOWS\WTRDCTM.INI
2008-08-26 10:54 . 2008-08-26 11:57 516,096 --a--c--- C:\WINDOWS\UN32.EXE
2008-08-26 10:54 . 2008-08-26 11:57 2,753 --a--c--- C:\WINDOWS\UN32P.INI
2008-08-25 18:48 . 2008-08-25 18:48 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-08-24 16:43 . 2008-08-24 16:43 <DIR> d----c--- C:\Program Files\ReflexiveArcade
2008-08-23 23:22 . 2008-08-23 23:22 <DIR> d----c--- C:\users
2008-08-23 23:22 . 2008-08-24 16:33 <DIR> d----c--- C:\My Games
2008-08-23 23:21 . 2008-08-24 17:36 <DIR> d----c--- C:\Program Files\RealArcade
2008-08-21 16:36 . 2008-08-21 16:36 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-21 16:36 . 2008-08-21 16:36 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-21 16:27 . 2008-08-21 17:53 <DIR> d----c--- C:\Program Files\PC Connectivity Solution
2008-08-20 12:34 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\drivers\bthpan.sys
2008-08-20 12:34 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-08-20 12:33 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\irftp.exe
2008-08-20 12:33 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-20 12:33 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\drivers\rfcomm.sys
2008-08-20 12:33 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-08-20 12:33 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\irmon.dll
2008-08-20 12:33 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-20 12:33 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\wshirda.dll
2008-08-20 12:33 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-19 21:39 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\drivers\bthenum.sys
2008-08-19 21:39 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\bthenum.sys
2008-08-19 15:13 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-08-19 15:13 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-08-19 15:10 . 2005-07-30 03:55 90,624 --a--c--- C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-08-19 15:10 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\drivers\kstvtune.ax
2008-08-19 15:10 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-08-19 15:10 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\drivers\ksxbar.ax
2008-08-19 15:10 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\drivers\vidcap.ax
2008-08-18 22:09 . 2008-08-18 22:09 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Ludia
2008-08-18 22:09 . 2008-08-18 22:09 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-08-18 22:08 . 2008-08-18 22:08 <DIR> d----c--- C:\WINDOWS\Hell's Kitchen
2008-08-18 18:13 . 2008-08-18 18:13 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
2008-08-18 18:08 . 2008-08-18 18:08 <DIR> d----c--- C:\WINDOWS\Fairy Jewels 2
2008-08-14 21:13 . 2008-08-14 21:13 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Vso
2008-08-14 21:13 . 2008-08-14 21:13 47,360 --a--c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\pcouffin.sys
2008-08-14 16:23 . 2008-08-14 16:23 <DIR> d----c--- C:\WINDOWS\Bloom Busters
2008-08-10 15:19 . 2008-08-10 15:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\iWin
2008-08-10 09:27 . 2008-08-21 16:36 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-08-10 09:24 . 2008-08-10 09:24 <DIR> d----c--- C:\Program Files\DIFX
2008-08-10 09:21 . 2008-08-21 16:25 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-08-09 23:44 . 2008-08-21 16:51 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Nokia
2008-08-09 23:44 . 2008-08-09 23:44 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\DataLayer
2008-08-09 23:30 . 2008-08-21 16:36 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\PC Suite
2008-08-09 23:29 . 2008-08-10 09:23 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-08-09 23:27 . 2008-08-09 23:27 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Leadertech
2008-08-09 23:25 . 2008-08-10 12:48 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\AdobeUM
2008-08-09 23:25 . 2008-08-09 23:25 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\AdobeAUM
2008-08-09 23:08 . 2008-08-10 09:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Phone Browser
2008-08-09 23:07 . 2008-08-26 11:36 <DIR> d----c--- C:\Program Files\Common Files\PCSuite
2008-08-09 23:06 . 2008-08-26 11:36 <DIR> d----c--- C:\Program Files\Nokia
2008-08-07 19:30 . 2008-08-07 19:30 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\MysteryStudio
2008-08-07 19:30 . 2008-08-07 19:36 311 --a--c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\bbbconfig.dat
2008-08-06 23:02 . 2008-08-06 23:02 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-08-06 22:45 . 2008-08-06 22:45 <DIR> d----c--- C:\WINDOWS\16 Big Fish Games
2008-08-05 12:42 . 2008-06-17 15:14 499,712 --a--c--- C:\WINDOWS\system32\msvcp71.dll
2008-08-05 12:42 . 2008-06-17 15:17 348,160 --a--c--- C:\WINDOWS\system32\msvcr71.dll
2008-08-04 18:50 . 2008-08-08 15:57 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Winamp
2008-08-03 06:35 . 2008-08-03 06:35 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\TyphoonTools
2008-08-03 06:33 . 2008-08-03 06:34 <DIR> d----c--- C:\Program Files\TyphoonTools
2008-08-02 14:50 . 2008-08-28 10:15 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\OpenOffice.org2
2008-08-02 13:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-01 10:02 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-01 01:19 . 2008-08-01 01:19 <DIR> d----c--- C:\Program Files\Uniblue
2008-08-01 01:19 . 2008-08-01 01:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Uniblue
2008-08-01 00:57 . 2008-08-01 01:04 <DIR> d----c--- C:\Program Files\Windows Desktop Search
2008-08-01 00:47 . 2008-08-01 00:47 355,584 --a--c--- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-31 22:18 . 2008-07-31 22:18 <DIR> d---sc--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\UserData
2008-07-31 22:05 . 2008-05-29 09:28 28,416 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
2008-07-31 19:18 . 2008-08-26 23:14 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-07-31 19:18 . 2008-08-26 21:58 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\SUPERAntiSpyware.com
2008-07-31 19:18 . 2008-07-31 19:18 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-07-31 18:56 . 2008-07-31 19:01 <DIR> d----c--- C:\Program Files\SpywareBlaster
2008-07-31 18:56 . 2005-04-15 20:58 1,071,088 --a--c--- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-31 18:56 . 2005-08-25 19:18 118,784 --a--c--- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-31 15:28 . 2008-07-31 15:28 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\TuneUp Software
2008-07-31 14:24 . 2008-08-28 09:32 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\skypePM
2008-07-31 14:23 . 2008-08-28 10:16 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Skype
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-07-31 13:24 . 2004-08-04 06:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-31 13:23 . 2004-08-04 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-31 13:22 . 2004-08-04 01:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-31 13:06 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-31 13:02 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\spxcoins.dll
2008-07-31 13:02 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-07-31 13:02 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\irclass.dll
2008-07-31 13:02 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-07-31 12:36 . 2008-07-31 12:36 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\MiniDm
2008-07-31 12:34 . 2008-07-31 12:34 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\IEPro
2008-07-31 12:31 . 2008-08-27 09:22 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 13:04 112,144 -c--a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-27 12:49 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-08-26 21:14 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 17:20 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-26 12:02 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-08-23 18:18 --------- dc----w C:\Program Files\directx
2008-08-20 10:39 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-08-08 13:57 --------- dc----w C:\Program Files\Winamp
2008-08-02 12:26 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-27 18:44 --------- dc----w C:\Program Files\FunPause Atlantis
2008-07-27 12:55 2,277,376 -c--a-w C:\WINDOWS\system32\TUKernel.exe
2008-07-25 07:20 --------- dc----w C:\Program Files\Yahoo! Games
2008-07-24 19:40 --------- dc----w C:\Program Files\PopCap Games
2008-07-24 19:29 --------- dc----w C:\Program Files\TryMedia
2008-07-24 01:45 --------- dc----w C:\Program Files\Xvid CZ
2008-07-23 17:26 --------- dc----w C:\Program Files\Oberon Media
2008-07-23 04:57 --------- dc----w C:\Program Files\Codec Pack - All In 1
2008-07-23 03:18 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-23 02:30 717,296 -c--a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-18 23:10 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-07-18 23:01 --------- dc----w C:\Program Files\Webteh
2008-07-18 16:26 --------- dc----w C:\Program Files\Java
2008-07-18 00:51 --------- dc----w C:\Program Files\Common Files\Oberon Media
2008-07-17 16:43 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-07-17 10:52 --------- dc----w C:\Program Files\OpenOffice.org 2.4
2008-07-17 10:13 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-07-17 09:58 --------- dc----w C:\Program Files\Realtek AC97
2008-07-17 08:36 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\OpenOffice.org2
2008-07-17 08:27 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\Skype
2008-07-17 08:22 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\skypePM
2008-07-16 04:18 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\Winamp
2008-07-15 07:38 --------- dc----w C:\Program Files\MSXML 6.0
2008-07-15 07:36 --------- dc----w C:\Program Files\MSXML 4.0
2008-07-15 07:15 --------- dc----w C:\Program Files\readmes
2008-07-15 07:15 --------- dc----w C:\Program Files\licenses
2008-07-15 07:00 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\OpenOffice.org3
2008-07-15 02:40 --------- dc----w C:\Program Files\BitLord
2008-07-14 22:54 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\TuneUp Software
2008-07-12 20:19 --------- dc----w C:\Program Files\Support Tools
2008-07-12 14:55 --------- dc----w C:\Program Files\Application Compatibility Toolkit
2008-07-12 07:42 --------- dc----w C:\Program Files\Vimicro
2008-07-11 13:38 --------- dc----w C:\Program Files\ATI Technologies
2008-07-08 13:48 --------- dc----w C:\Documents and Settings\admin\Application Data\Skype
2008-07-08 09:12 --------- dc----w C:\Documents and Settings\admin\Application Data\skypePM
2008-07-08 06:47 --------- dc----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-07-07 20:06 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-06 18:26 --------- dc----w C:\Documents and Settings\admin\Application Data\Uniblue
2008-07-02 18:49 --------- dc----w C:\Documents and Settings\admin\Application Data\ESET
2008-07-02 15:08 --------- dc----w C:\Program Files\Common Files\Java
2008-06-30 13:40 --------- dc----w C:\Documents and Settings\admin\Application Data\Winamp
2008-06-30 12:12 --------- dc----w C:\Documents and Settings\admin\Application Data\MusicIP
2008-06-28 09:24 --------- dc----w C:\Program Files\Common Files\DFX
2008-06-24 16:28 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:12 667,136 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:36 245,248 -c--a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 04:05 593,920 -c--a-w C:\WINDOWS\system32\ati2sgag.exe
2008-06-03 03:46 10,276,864 -c--a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 -c--a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 -c--a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 -c--a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 -c--a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 -c--a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 -c--a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 -c--a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 -c--a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 -c--a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 -c--a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 -c--a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 -c--a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 -c--a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 -c--a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 -c--a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 -c--a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 -c--a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 -c--a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 -c--a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-11 09:44 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys
2007-08-18 11:17 20,344 -c--a-w C:\Documents and Settings\admin\Application Data\Pamela_Crash_46C6D53C.zip
2006-10-13 16:29 93 -c--a-w C:\Program Files\FICS.INI
2006-10-12 21:18 93 -c--a-w C:\Program Files\ITCS.INI
2006-10-02 20:11 93 -c--a-w C:\Program Files\RUCS.INI
2006-10-02 20:11 93 -c--a-w C:\Program Files\GRCS.INI
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-07-01 08:06 148480]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 20:37 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-31 00:18:42 393216]

C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-31 00:18:42 393216]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
TyphoonDesktop.lnk - C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe [2008-08-03 06:34:36 1093632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Czech\\setup.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-01 00:47]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-28 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 10:15:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-28 10:20:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 08:20:38
ComboFix2.txt 2008-08-27 16:30:09

Pre-Run: 14,926,626,816 bytes free
Post-Run: 14,936,088,576 bytes free

320 --- E O F --- 2008-08-28 07:35:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:06 , on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ZSSnp211.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: TyphoonDesktop.lnk = C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6290450203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7548263984
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.bestwallpapers.sk/albums/3d/ ... d_0634.jpg

--
End of file - 6479 bytes
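Logs like the two above are read by comparing successive scans and by checking each autostart entry against what is actually running. As an added example (not part of this thread and not code from HijackThis), here is a Python parser for the HijackThis 2.x line format that diffs two scans and extracts the executable from each O4 entry. The two sample scans are constructed from lines of the logs above, trimmed to a few entries each; they are sample input, not complete logs.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Parser and differ for Trend Micro HijackThis 2.x logs. Added example; it is
# not part of the forum thread and not code from HijackThis itself.

class Entry(NamedTuple):
    code: str   # section code: "R0", "O2", "O4", "O23", ...
    text: str   # rest of the line after "Oxx - "

# Every entry line starts with a section code followed by " - ".
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")

def parse_hjt(log: str) -> Tuple[List[str], List[Entry]]:
    """Return (running processes, entries) from one HijackThis log."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:                       # blank line ends the process list
                in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return processes, entries

def diff_logs(old_log: str, new_log: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries that appeared (added) and vanished (removed) between two scans."""
    old = set(parse_hjt(old_log)[1])
    new = set(parse_hjt(new_log)[1])
    return sorted(new - old), sorted(old - new)

# O4 text carries the command after "[name] " (Run keys) or ".lnk = " (Startup folder).
O4_LNK_RE = re.compile(r"^.*?\.lnk = (.+)$")
O4_REG_RE = re.compile(r"^.*?\[.*?\] (.+)$")
EXE_RE = re.compile(r"^(.+?\.exe)(?:\s|$)", re.IGNORECASE)

def autostart_target(entry: Entry) -> Optional[str]:
    """Executable an O4 entry launches, quotes and arguments stripped.
    For rundll32-style entries this is the host process, as shown in the log."""
    if entry.code != "O4":
        return None
    m = O4_LNK_RE.match(entry.text) or O4_REG_RE.match(entry.text)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):             # quoted path, possibly followed by arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    exe = EXE_RE.match(cmd)             # unquoted path: cut after the first ".exe"
    return exe.group(1) if exe else cmd

def autostarts_not_running(log: str) -> List[str]:
    """O4 targets whose image name is absent from the 'Running processes' list
    (a triage hint only: short-lived launchers legitimately exit)."""
    processes, entries = parse_hjt(log)
    running = {p.rsplit("\\", 1)[-1].lower() for p in processes}
    missing = []
    for e in entries:
        target = autostart_target(e)
        if target and target.rsplit("\\", 1)[-1].lower() not in running:
            missing.append(target)
    return missing

# Two scan excerpts constructed from lines of the logs above (sample input, not complete logs).
SCAN_A = r'''Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
'''

SCAN_B = r'''Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\ZSSnp211.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
'''
```

Running `diff_logs(SCAN_A, SCAN_B)` lists the O2, O23 and TuneUp O4 entries as added and the O16 entry as removed; `autostarts_not_running(SCAN_B)` names only MemOptimizer.exe, whose absence from the process list proves nothing by itself. Entries are compared as whole lines, so a changed CLSID or path shows up as one removal plus one addition.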

Re: Please check my log, PC freezes

Posted: 28 Aug 2008 17:54
by fredik
The two files you named are fine:
EICAR - CF uses it to test whether the antivirus's resident protection is active
catchme - is used to detect hidden items in the registry, on disk ...

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Go to Start -> Run..., type the command marked in blue, ComboFix /u, into the box and click OK.
- there must be a space between ComboFix and /u
- wait until it finishes; it will tell you when it has.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Regarding the KIS startup, try this:
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text marked in green into it:
Note: do not use the SELECT ALL function to select it


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\""

Then go to File -> Save As... and set these parameters:
File name: type: fix.reg
Save as type: select All Files
Save the file to the desktop
A file fix.reg should appear on the desktop
- run it; a prompt pops up where you click Yes, then another prompt where you click OK
Restart the PC and see whether the problem is still there after startup.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then let me know how it looks.
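Before merging a .reg file like the one in the reply, it is worth checking what it actually writes: the doubled backslashes and the \" sequences are regedit's escape syntax, so the stored data is the quoted avp.exe path, and the quotes matter because the path contains spaces. As an added example (not part of the reply, and it never touches the registry), a small Python reader for REGEDIT4 / "Windows Registry Editor Version 5.00" files that decodes the string, dword and delete forms and returns what would be written. The sample input is the fix.reg content from the reply; the RUN_KEY constant is just that key spelled out.

```python
import re
from typing import Dict, Optional, Union

# Minimal reader for REGEDIT4 / "Windows Registry Editor Version 5.00" files.
# Added example; not part of the forum reply and it does not modify anything.

RegValue = Union[str, int, None]        # None means the value is deleted ("name"=-)
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def unescape(s: str) -> str:
    # A backslash quotes the next character: \\ in the file is one backslash,
    # \" is one double quote. Nothing else is special in REG_SZ data.
    out = []
    i = 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)

def parse_reg(text: str) -> Dict[str, Optional[Dict[str, RegValue]]]:
    """Map each [key] to its values; a deleted key ([-HKEY...]) maps to None."""
    lines = text.lstrip("\ufeff").splitlines()     # tolerate a UTF-8 BOM
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg header; regedit would refuse the file")
    keys: Dict[str, Optional[Dict[str, RegValue]]] = {}
    current: Optional[Dict[str, RegValue]] = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):           # blank or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):
                keys[key[1:]] = None
                current = None
            else:
                if keys.get(key) is None:
                    keys[key] = {}
                current = keys[key]
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"malformed line: {line!r}")
        name = "@" if m.group(2) else unescape(m.group(1))
        data = m.group(3).strip()
        if data == "-":
            current[name] = None
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            current[name] = unescape(data[1:-1])        # REG_SZ
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)           # REG_DWORD, hex digits
        else:
            raise ValueError(f"unsupported data type: {line!r}")
    return keys

def command_executable(command: str) -> str:
    # A Run value is a command line: a quoted image path followed by arguments,
    # or an unquoted one. An unquoted path with spaces is ambiguous (CreateProcess
    # tries C:\Program first), which is why the reply quotes the avp.exe path.
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in command")
        return command[1:end]
    first = command.split(" ", 1)[0]
    if " " in command and not first.lower().endswith(".exe"):
        raise ValueError(f"unquoted path with spaces: {command!r}")
    return first

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# The fix.reg content from the reply above, embedded as sample input.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\""
'''

if __name__ == "__main__":
    for key, values in parse_reg(FIX_REG).items():
        print(key, values)
```

`parse_reg(FIX_REG)` yields exactly one key with one value, and `command_executable` on that value returns the bare avp.exe path, which is the check to make (the file should add only the entry you meant to restore, and nothing under another key) before double-clicking a .reg file you received.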