zmizely mi všechny ikony na plose i panel nabídky START

rendabo · Příspěvekod **rendabo** » 08 pro 2007 16:58

ahoj.
avast mi posbiral tyhle viry: Win32: TraffcSol, Adware-gen, Bbfuscated-BQK, Alphabet-D. pak mi zmizely všechny ikonyz plochy i panel nabídky START.pocitac ovladam pres spravce uloh.po restartu mi ikony i spodni lista nabehnou a v zapeti zmizi a plocha je totalne mrtva. pro jistotu pridavam log
diky rene :shock:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:31, on 8.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Opera\Opera.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Documents and Settings\RB\Dokumenty\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - F:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5085 bytes

Reklama

Tomme · Příspěvekod **Tomme** » 08 pro 2007 17:12

já se v těhle lozích atd. moc nevyznám, ale otevři správce úloh, a dej Nová úloha a napiš tam explorer.exe, a jinak můžeš projet počítač MWAVem a vložit sem log

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll <- tohle znáš?

rendabo · Příspěvekod **rendabo** » 08 pro 2007 17:15

tak to jsem prave udelal. nabehne jak lista tak i ikony,ale na chvilku se objevi,zmizi a po chvilce je pryc uplne.

Tomme · Příspěvekod **Tomme** » 08 pro 2007 17:15

viz můj edit a udělej ten log z MWAVu

rendabo · Příspěvekod **rendabo** » 08 pro 2007 17:38

prikladam log z MAWu:

Sat Dec 08 17:18:37 2007 => **********************************************************
Sat Dec 08 17:18:37 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sat Dec 08 17:18:37 2007 => Copyright © MicroWorld
Sat Dec 08 17:18:37 2007 => **********************************************************
Sat Dec 08 17:18:37 2007 => Source: C:\DOCUME~1\RB\DOKUME~1\mwav.exe
Sat Dec 08 17:18:37 2007 => Version 9.5.9 (C:\DOCUME~1\RB\LOCALS~1\Temp\mexe.com)
Sat Dec 08 17:18:37 2007 => Log File: C:\DOCUME~1\RB\LOCALS~1\Temp\MWAV.LOG
Sat Dec 08 17:18:37 2007 => MWAV Registered: FALSE.
Sat Dec 08 17:18:37 2007 => User Account: RB (Administrator Mode)
Sat Dec 08 17:18:37 2007 => OS Type: Windows Workstation
Sat Dec 08 17:18:37 2007 => OS: Windows XP
Sat Dec 08 17:18:37 2007 => Ver: Service Pack 2 (Build 2600)
Sat Dec 08 17:18:37 2007 => Windows Root Folder: C:\WINDOWS
Sat Dec 08 17:18:37 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Sat Dec 08 17:18:37 2007 => DHCP NameServer: 82.100.11.34 212.80.67.98
Sat Dec 08 17:18:37 2007 => Interface0 DHCPNameServer: 82.100.11.34 212.80.67.98
Sat Dec 08 17:18:37 2007 => Local Fixed Drives: c:\,e:\,f:\,g:\,i:\,j:\
Sat Dec 08 17:18:37 2007 => MWAV Mode: Only Scan files.

Sat Dec 08 17:25:27 2007 => Testování souboru C:\WINDOWS\system32\wingdm32.dll (????)
Sat Dec 08 17:25:35 2007 => Soubor C:\WINDOWS\system32\wingdm32.dll//PE_Patch.PECompact//PecBundle//PECompact je infikovaný virem PECompact !! Provedené akce: Nic nebylo provedeno.

//duplicitní příspěvky odstraněny a zkráceny, protože jsi sem nevložil co bylo potřeba a kvůli zpřehlednění tématu.
fre.

rendabo · Příspěvekod **rendabo** » 08 pro 2007 17:57

tak koukam ze se mi to odeslalo nekolikrat a ani jednou kompletne.
myslim ze tohle je asi nejdulezitejsi z toho logu

Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F10DA4F3-D5E3-46F8-B403-EFBD44936922}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F25DB693-5AF2-4739-B20A-EB8E05E0F72D}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F68E3631-68ED-4970-8D77-B81FE83AA6A1}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{FBA6882A-8289-4DAF-A8D1-AD591FD9DF3A}". Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\system32\wingdm32.dll//PE_Patch.PECompact//PecBundle//PECompact je infikovaný virem PECompact !! Provedené akce: Nic nebylo provedeno.

Tomme · Příspěvekod **Tomme** » 08 pro 2007 18:10

ten log si sem vložil blbě, ale aspoň vim co a jak, takže smaž tenhle soubor C:\WINDOWS\system32\wingdm32.dll, a kdyby byl skrytej tak Nástroje - možnosti složky - zobrazení a zobrazovat skryté soubory a složky, když se bude bránit tak napiš

rendabo · Příspěvekod **rendabo** » 08 pro 2007 18:36

nasel jsem ho ale nelze odstranit :evil:

co zkusit KILLBOX??????

Tomme · Příspěvekod **Tomme** » 08 pro 2007 18:48

skus to v nouzovym režimu

sakiri · Příspěvekod **sakiri** » 08 pro 2007 19:04

Sorry za vstup...

Použij ComboFix:
Stáhni si ComboFix, ulož ho na plochu zavři všechna spuštěná okna a spusť ho.
Postupuj dle pokynů během aplikování ComboFixu neklikej do zobrazujícího se okna může se stát totiž že to proces zastaví.
Je možné, že se počítač restartuje znamená to, že ComboFix našel škodlivé soubory, a aby je smazal tak je nutný restart.
Po skončení se vytvoří log tak sem zkopíruj jeho obsah.
Jinak je ComboFixův log umístěný na C:\ComboFix.txt

rendabo · Příspěvekod **rendabo** » 08 pro 2007 19:41

ComboFix 07-12-08.1 - RB 2007-12-08 19:20:10.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.671 [GMT 1:00]
Running from: C:\Documents and Settings\RB\Plocha\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SecCenter
C:\Program Files\vuhkrmho
C:\Program Files\vuhkrmho\nofmdeps.dll
C:\WINDOWS\install.exe
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\mljifed.dll
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_AUTO_HOTKEY_POLLER
-------\Auto HotKey Poller

((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-08 17:28 . 2007-12-08 18:19 0 --a------ C:\23990098.$$$
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-12-08 17:21 . 2007-12-08 18:18 26 --a------ C:\WINDOWS\Lic.xxx
2007-12-08 17:19 . 2004-08-17 14:49 147,968 --a------ C:\WINDOWS\R.COM
2007-12-08 17:19 . 2004-08-17 14:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-12-08 01:14 . 2007-11-07 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator.ABCDEF-123456\ćablony
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d-------- C:\Documents and Settings\Administrator.ABCDEF-123456\Plocha
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d--h----- C:\Documents and Settings\Administrator.ABCDEF-123456\Okolnˇ tisk rny
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d--h----- C:\Documents and Settings\Administrator.ABCDEF-123456\Okolnˇ sˇś
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d-------- C:\Documents and Settings\Administrator.ABCDEF-123456\Oblˇben‚ polo§ky
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> dr------- C:\Documents and Settings\Administrator.ABCDEF-123456\Nabˇdka Start
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d-------- C:\Documents and Settings\Administrator.ABCDEF-123456\Dokumenty
2007-12-08 01:14 . 2007-12-08 01:19 <DIR> dr-h----- C:\Documents and Settings\Administrator.ABCDEF-123456\Data aplikacˇ
2007-12-08 00:43 . 2007-12-08 00:43 <DIR> d-------- C:\Program Files\Aruzsmhe
2007-12-06 14:22 . 2007-12-06 14:22 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-06 14:22 . 2007-08-27 10:53 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-12-06 14:21 . 2007-12-06 14:21 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2007-12-06 14:19 . 2007-12-06 14:19 32 --a------ C:\WINDOWS\camtasia.v.5.INI
2007-12-06 12:52 . 2007-12-06 14:21 <DIR> d-------- C:\Program Files\TechSmith
2007-12-06 10:23 . 2007-09-04 14:45 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 00:17 . 2007-12-04 00:17 <DIR> d-------- C:\Program Files\Webteh
2007-12-03 23:28 . 2007-12-03 23:28 <DIR> d-------- C:\Program Files\Gabest
2007-12-03 21:26 . 2007-12-03 21:26 <DIR> d-------- C:\Program Files\Google
2007-12-01 11:59 . 2004-08-17 15:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-01 11:59 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-01 11:59 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-01 11:59 . 2001-10-24 12:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-01 09:49 . 2007-11-07 00:32 <DIR> d--h----- C:\Documents and Settings\Lucy.ABCDEF-123456\ćablony
2007-12-01 09:49 . 2007-12-02 14:29 <DIR> d-------- C:\Documents and Settings\Lucy.ABCDEF-123456\Plocha
2007-12-01 09:49 . 2007-11-07 01:23 <DIR> d--h----- C:\Documents and Settings\Lucy.ABCDEF-123456\Okolnˇ tisk rny
2007-12-01 09:49 . 2007-11-07 01:23 <DIR> d--h----- C:\Documents and Settings\Lucy.ABCDEF-123456\Okolnˇ sˇś
2007-12-01 09:49 . 2007-12-01 09:49 <DIR> dr------- C:\Documents and Settings\Lucy.ABCDEF-123456\Oblˇben‚ polo§ky
2007-12-01 09:49 . 2007-11-07 01:23 <DIR> dr------- C:\Documents and Settings\Lucy.ABCDEF-123456\Nabˇdka Start
2007-12-01 09:49 . 2007-12-02 13:19 <DIR> dr------- C:\Documents and Settings\Lucy.ABCDEF-123456\Dokumenty
2007-12-01 09:49 . 2007-12-01 12:46 <DIR> dr-h----- C:\Documents and Settings\Lucy.ABCDEF-123456\Data aplikacˇ
2007-12-01 09:49 . 2004-08-17 14:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-01 09:43 . 2007-12-01 09:43 4,608 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 22:53 . 2007-11-28 22:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-27 11:18 . 2007-11-27 11:18 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2007-11-23 19:21 . 2007-11-23 19:21 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-23 19:21 . 2007-11-23 19:21 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-11-23 19:17 . 2006-11-13 13:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-23 19:17 . 2007-02-27 13:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-11-23 16:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-23 13:33 . 2007-11-23 13:33 <DIR> d-------- C:\Program Files\COMODO
2007-11-23 13:33 . 2007-11-23 13:33 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-11-23 13:33 . 2007-11-23 13:33 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-23 13:33 . 2007-11-23 13:33 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-20 11:47 . 2007-11-30 12:16 7,780 --a------ C:\Documents and Settings\RB\FMCodec.dat
2007-11-20 01:57 . 2007-11-20 02:05 <DIR> d-------- C:\WFDB
2007-11-20 01:22 . 2007-11-20 01:57 <DIR> d-------- C:\Program Files\WinFast
2007-11-20 00:37 . 2007-11-20 00:39 <DIR> d-------- C:\WINDOWS\NV20643276.TMP
2007-11-20 00:37 . 2007-11-12 06:51 158,066 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-11-20 00:28 . 2007-11-20 00:29 <DIR> d-------- C:\WINDOWS\NV28563184.TMP
2007-11-19 23:36 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-11-19 23:20 . 2007-11-19 23:20 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-11-19 23:20 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-11-19 22:52 . 2001-12-19 15:47 49,152 --a------ C:\WINDOWS\system32\TempDel.EXE
2007-11-19 22:52 . 2005-01-06 16:55 9,446 --a------ C:\WINDOWS\system32\drivers\WFIOCTL.sys
2007-11-19 22:40 . 2007-11-19 22:40 <DIR> d-------- C:\WINDOWS\system32\WinFox
2007-11-19 22:40 . 2005-03-25 18:24 9,600 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-11-19 22:15 . 2001-10-25 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-11-19 22:14 . 2001-08-18 06:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-11-19 20:46 . 2007-11-19 23:34 <DIR> d-------- C:\WINDOWS\system32\WinFast
2007-11-19 20:10 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-11-19 14:42 . 2007-12-05 19:47 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-17 14:13 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-17 14:13 . 2007-11-17 14:13 390 --a------ C:\WINDOWS\ODBC.INI
2007-11-17 14:12 . 2007-11-17 14:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-14 15:06 . 2007-11-14 15:06 14 --a------ C:\WINDOWS\system32\SystemInfo32.sys
2007-11-14 14:42 . 2007-11-14 14:42 <DIR> d-------- C:\Program Files\DFX
2007-11-14 12:29 . 2007-11-19 22:44 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-11-14 12:29 . 2007-11-19 22:44 <DIR> d-------- C:\Program Files\AVSMedia
2007-11-13 15:50 . 2007-11-13 15:50 <DIR> d-------- C:\Program Files\Innovative Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 11:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 09:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-27 10:18 --------- d-----w C:\Program Files\Common Files\Stardock
2007-11-25 17:41 --------- d-----w C:\Program Files\EurotelSMS
2007-11-23 15:53 --------- d-----w C:\Program Files\Java
2007-11-19 22:36 --------- d-----w C:\Program Files\Ulead Systems
2007-11-19 16:08 --------- d-----w C:\Program Files\Apple Software Update
2007-11-15 08:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-15 06:49 --------- d-----w C:\Program Files\MagicISO
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-07 20:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 18:00 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-07 17:56 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-07 17:44 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-07 16:29 --------- d-----w C:\Program Files\Torrent Harvester
2007-11-07 16:00 --------- d-----w C:\Program Files\MSBuild
2007-11-07 15:56 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-06 23:06 --------- d-----w C:\Program Files\Venturi2
2007-11-05 14:40 --------- d-----w C:\Program Files\ICQToolbar
2007-11-03 15:53 --------- d-----w C:\Program Files\Driver Magician
2007-11-01 16:56 --------- d-----w C:\Program Files\Realtek
2007-11-01 14:50 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-11-01 14:50 --------- d-----w C:\Program Files\LiveUpdate
2007-11-01 13:38 4,620,288 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-10-27 10:29 --------- d-----w C:\Program Files\Terragen
2007-10-26 07:01 --------- d-----w C:\Program Files\GameHouse
2007-10-25 14:35 --------- d-----w C:\Program Files\FDRLab
2007-10-25 10:57 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-10-18 21:06 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-10-11 17:59 --------- d-----w C:\Program Files\Any DWG DXF Converter
2007-10-11 10:04 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-09-03 15:49 92,064 ----a-w C:\Documents and Settings\Renda\mqdmmdm.sys
2007-09-03 15:49 9,232 ----a-w C:\Documents and Settings\Renda\mqdmmdfl.sys
2007-09-03 15:49 79,328 ----a-w C:\Documents and Settings\Renda\mqdmserd.sys
2007-09-03 15:49 66,656 ----a-w C:\Documents and Settings\Renda\mqdmbus.sys
2007-09-03 15:49 6,208 ----a-w C:\Documents and Settings\Renda\mqdmcmnt.sys
2007-09-03 15:49 5,936 ----a-w C:\Documents and Settings\Renda\mqdmwhnt.sys
2007-09-03 15:49 4,048 ----a-w C:\Documents and Settings\Renda\mqdmcr.sys
2007-09-03 15:49 25,600 ----a-w C:\Documents and Settings\Renda\usbsermptxp.sys
2007-09-03 15:49 22,768 ----a-w C:\Documents and Settings\Renda\usbsermpt.sys
2007-08-27 20:04 5,700 ----a-w C:\Documents and Settings\Renda\FMCodec.dat
2007-08-27 20:04 4 ----a-w C:\Documents and Settings\Renda\WFSCHDL.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"PeerGuardian"="E:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 10:13]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 10:10]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-23 13:33]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
R3 pgfilter;pgfilter;\??\E:\Program Files\PeerGuardian2\pgfilter.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\E:\Program Files\CyberLink\PowerDVD\000.fcl
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 19:02:28 C:\WINDOWS\Tasks\AwcProUpdate.job"
- E:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- E:\Program Files\IObit\Advanced WindowsCare V2 Pro\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\RB\LOCALS~1\Temp\pidayrry23456.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 19:37:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 19:38:01 - machine was rebooted
.
--- E O F ---

rendabo · Příspěvekod **rendabo** » 08 pro 2007 19:44

vypada ze je to v poradku

zmizely mi všechny ikony na plose i panel nabídky START

zmizely mi všechny ikony na plose i panel nabídky START

zmizely ikony

log z MAWu

combofix log

Kdo je online