Prosím o kontrolu, infikované PC(vyřešeno)

tamagoci · Příspěvekod **tamagoci** » 01 led 2008 02:08

otravuje me SecurePCcleaner,nevim jaK HO MAM DAT PRYC,PROTOZE HO NEMUZU NAJIT.

//upraven název příspěvku
fre.

Reklama

Příspěvekod **fredik** » 01 led 2008 10:29

Vítej na fóru

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah.

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

tamagoci · Příspěvekod **tamagoci** » 01 led 2008 22:56

Udělal jsem to,jak jste napsali.A problém je zdá se pryč.Dám sem ty reporty.Vložím je oba do jednoho RARu.

tamagoci · Příspěvekod **tamagoci** » 02 led 2008 10:59

SecurePcCleaner..šmejd je pryč,jak se zdá..

Příspěvekod **fredik** » 02 led 2008 20:32

V pořádku to ještě není. Použij následující postup a pak dočistíme případné zbytky co zůstanou.

Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >

Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.

+
Spusť znovu ComboFix a vlož sem log co se zobrazí.

tamagoci · Příspěvekod **tamagoci** » 03 led 2008 12:15

tak jsem to udělal..a nestačil jsem zírat(jinak je to PC bratra)ne moje..byl bych rád kdyby mi někdo(někdy)trochu vysvětlil to co s tím PC vlastně provádím.tady jsou reporty z SuperAntiSpyware a combo............................-------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2008 at 11:06 AM

Application Version : 3.9.1008

Core Rules Database Version : 3372
Trace Rules Database Version: 1367

Scan type : Quick Scan
Total Scan Time : 00:17:59

Memory items scanned : 576
Memory threats detected : 1
Registry items scanned : 788
Registry threats detected : 40
File items scanned : 15314
File threats detected : 8

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\PERFS.EXE
C:\WINDOWS\SYSTEM32\PERFS.EXE
HKLM\System\ControlSet001\Services\perfmons
HKLM\System\ControlSet002\Services\perfmons
HKLM\System\CurrentControlSet\Services\perfmons

Adware.WhenU
HKLM\Software\WhenUSearch
HKLM\Software\WhenUSearch#InstallDir
HKLM\Software\WhenUSearch#Version
HKLM\Software\WhenUSearch#pats_url
HKLM\Software\WhenUSearch#pat_chunks_url
HKLM\Software\WhenUSearch#update_url
HKLM\Software\WhenUSearch#ziptomsa_url
HKLM\Software\WhenUSearch#iptomsa_url
HKLM\Software\WhenUSearch#coupondataurl
HKLM\Software\WhenUSearch#InstallTime
HKLM\Software\WhenUSearch#zip
HKLM\Software\WhenUSearch\Partners
HKLM\Software\WhenUSearch\Partners\desktop
HKLM\Software\WhenUSearch\Partners\desktop#LastPartner
HKLM\Software\WhenUSearch\Partners\desktop#SetupCmdLine
HKLM\Software\WhenUSearch\Partners\desktop#Partner
HKLM\Software\WhenUSearch\Partners\desktop#InstallTime
HKLM\Software\WhenUSearch\Partners\desktop#PartnerDesc
HKLM\Software\WhenUSearch\WHSE
HKLM\Software\WhenUSearch\WHSE#Installed_rs
HKLM\Software\WhenUSearch\WHSE#uiver_rs
HKLM\Software\WhenUSearch\WHSE#exitsurvey_url
HKLM\Software\WhenUSearch\WHSE#Partner
HKLM\Software\WhenUSearch\WHSE#LastPartner
HKLM\Software\WhenUSearch\WHSE#InstallTime
HKLM\Software\WhenUSearch\WHSE#SetupCmdLine
HKLM\Software\WhenUSearch\WHSE#showSplash
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch#UrlInfoAbout
HKCR\CLSID\{763BD795-24AE-44d7-82D8-F9A1EE799729}
HKCR\CLSID\{763BD795-24AE-44d7-82D8-F9A1EE799729}\LocalServer32
C:\Program Files\Common Files\WhenU\DTAdapter.exe
C:\Program Files\Common Files\WhenU\DTPlugin.dll
C:\Program Files\Common Files\WhenU

Trojan.Downloader-Gen/INDT2
C:\WINDOWS\SYSTEM32\INDT2.SYS
C:\WINDOWS\Prefetch\INDT2.SYS-3A706AA7.pf

Rootkit.NDT2
C:\WINDOWS\SYSTEM32\NDT2.SYS

Trojan.Downloader-Gen/A
D:\PROGRAM FILES\HRY\STONE\A.EXE

---------------------------------------------------------------------------------------
ComboFix 07-12-31.4 - Uživatel 2008-01-03 11:15:42.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.429 [GMT 1:00]
Running from: J:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 10:46 . 2008-01-03 11:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\SUPERAntiSpyware.com
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\SUPERAntiSpyware.com
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-01-02 14:05 . 2008-01-02 14:06 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar
2008-01-02 13:57 . 2008-01-02 13:57 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-01 17:25 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Kerio
2008-01-01 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:49 . 2008-01-01 16:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-01 16:04 . 2008-01-01 16:14 <DIR> d-------- C:\Documents and Settings\Uživatel\DoctorWeb
2008-01-01 16:04 . 2008-01-01 16:14 <DIR> d-------- C:\Documents and Settings\Uživatel\DoctorWeb
2008-01-01 16:01 . 2008-01-03 11:01 <DIR> d-------- C:\Program Files\DrWeb
2008-01-01 16:01 . 2008-01-01 16:01 77,824 --a----t- C:\WINDOWS\system32\DRWEBSP.DLL
2008-01-01 14:17 . 2008-01-01 14:17 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-01 14:17 . 2008-01-01 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-12-30 15:04 . 2007-12-30 15:04 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-30 15:00 . 2008-01-01 17:49 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-12-30 14:55 . 2008-01-02 14:13 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-30 14:55 . 2008-01-01 14:17 <DIR> d-------- C:\Program Files\Crawler
2007-12-29 22:56 . 2007-12-30 13:48 1,314 ---hs---- C:\WINDOWS\system32\hlykygqe.ini
2007-12-29 18:25 . 2007-12-30 09:47 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-29 14:05 . 2007-12-29 14:05 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\Lavasoft
2007-12-29 14:05 . 2007-12-29 14:05 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\Lavasoft
2007-12-29 13:45 . 2007-12-29 13:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-29 13:42 . 2007-12-29 13:42 <DIR> d-------- C:\Program Files\InCode Solutions
2007-12-29 11:29 . 2007-12-29 11:29 <DIR> d-------- C:\Program Files\Realtek
2007-12-29 11:29 . 2007-12-29 11:29 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\InstallShield
2007-12-29 11:29 . 2007-12-29 11:29 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\InstallShield
2007-12-28 20:09 . 1998-06-17 21:00 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-28 20:09 . 2000-03-17 05:21 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2007-12-28 20:09 . 2000-03-17 05:21 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2007-12-28 20:09 . 2002-04-24 09:43 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca
2007-12-28 20:09 . 2002-04-09 14:23 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca
2007-12-28 20:09 . 2002-10-17 07:35 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2007-12-28 19:38 . 2007-12-29 22:46 954 ---hs---- C:\WINDOWS\system32\agjduugy.ini
2007-12-27 21:09 . 2007-12-31 11:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 21:09 . 2007-12-27 21:09 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-27 10:33 . 2007-12-27 18:17 56 --a------ C:\WINDOWS\system32\S-1-5-21-0094400A
2007-12-26 17:06 . 2007-12-26 18:15 <DIR> d-------- C:\audiograbber
2007-12-26 16:49 . 2007-12-26 18:15 34 --a------ C:\WINDOWS\cdplayer.ini
2007-12-26 16:27 . 2001-03-23 16:29 880,912 --a------ C:\WINDOWS\WM8EUTIL.exe
2007-12-25 22:23 . 2007-12-25 22:23 <DIR> d-------- C:\Documents and Settings\Uživatel\WINDOWS
2007-12-25 22:23 . 2007-12-25 22:23 <DIR> d-------- C:\Documents and Settings\Uživatel\WINDOWS
2007-12-25 21:18 . 2007-12-25 21:18 24 ---hs---- C:\WINDOWS\SCEC2B874.tmp
2007-12-25 21:15 . 2007-12-25 21:15 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\SlySoft
2007-12-25 21:15 . 2007-12-25 21:15 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\SlySoft
2007-12-25 10:21 . 2007-12-25 10:22 <DIR> d-------- C:\Program Files\Labtec
2007-12-25 10:21 . 2007-12-25 10:22 6,205 --a------ C:\WINDOWS\system\Kbdvx32a.vxd
2007-12-24 07:33 . 2008-01-01 14:16 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools
2007-12-24 07:33 . 2008-01-01 14:16 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools
2007-12-23 23:35 . 2007-12-23 23:35 5,154,304 --a------ C:\WindowsDefender.msi
2007-12-23 19:40 . 2007-10-11 00:50 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-23 19:40 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-23 19:40 . 2007-07-01 04:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-23 19:40 . 2007-10-11 00:50 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-23 19:40 . 2007-10-11 00:50 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-23 19:40 . 2007-10-11 00:50 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-23 19:40 . 2007-10-11 00:50 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-23 19:40 . 2007-10-11 00:50 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-23 19:40 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-23 19:34 . 2007-12-24 19:34 894 ---hs---- C:\WINDOWS\system32\rdqtqdvg.ini
2007-12-23 18:36 . 2007-12-23 19:13 654 ---hs---- C:\WINDOWS\system32\crjlakvo.ini
2007-12-23 18:21 . 2007-12-23 18:22 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-23 18:21 . 2007-12-23 18:22 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-22 18:35 . 2007-12-23 17:36 534 ---hs---- C:\WINDOWS\system32\ocgregyv.ini
2007-12-21 18:41 . 2007-12-22 10:11 354 ---hs---- C:\WINDOWS\system32\gbeygxrl.ini
2007-12-20 18:34 . 2007-12-21 18:40 414 ---hs---- C:\WINDOWS\system32\kbhbmsii.ini
2007-12-19 18:33 . 2007-12-20 09:04 474 ---hs---- C:\WINDOWS\system32\fywoitgx.ini
2007-12-19 08:57 . 2007-12-19 08:57 294 ---hs---- C:\WINDOWS\system32\tjxsjnwv.ini
2007-12-18 06:29 . 2007-12-18 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2007-12-18 05:00 . 2007-12-18 05:00 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-18 05:00 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-18 05:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-18 05:00 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-18 05:00 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-18 05:00 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-18 05:00 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-18 05:00 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-18 05:00 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-18 05:00 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-16 16:17 . 2007-12-16 16:17 <DIR> d-------- C:\Program Files\DSPlayer_v0.889_lite
2007-12-15 18:36 . 2007-12-15 18:36 <DIR> d-------- C:\Program Files\ffdshow
2007-12-15 18:36 . 2007-12-15 18:36 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-12-15 18:36 . 2007-12-15 18:36 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\XviD
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\Morgan
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\AC3Filter
2007-12-15 18:34 . 2007-12-15 18:34 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-15 18:26 . 2007-12-15 18:26 56 -r-hs---- C:\WINDOWS\system32\9E765C5CCF.sys
2007-12-13 08:23 . 2007-12-13 08:23 32,768 --a------ C:\WINDOWS\system32\routing.exe
2007-12-09 21:31 . 2007-12-09 21:31 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\NASA
2007-12-09 21:31 . 2007-12-09 21:31 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\NASA
2007-12-09 21:29 . 2007-12-09 21:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-08 15:02 . 2007-12-08 15:02 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\WebCompiler3
2007-12-08 15:02 . 2007-12-08 15:02 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\WebCompiler3
2007-12-08 14:58 . 2007-12-08 14:58 <DIR> d-------- C:\Program Files\MP3Dancer
2007-12-08 14:58 . 2007-12-08 14:58 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2007-12-07 22:59 . 2007-12-09 21:31 <DIR> d-------- C:\Program Files\uTorrent
2007-12-07 20:05 . 2004-08-17 14:49 23,552 --a------ C:\WINDOWS\system32\OLD73.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 10:10 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\Skype
2008-01-03 10:10 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\Skype
2008-01-03 07:03 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2008-01-03 07:03 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2008-01-02 18:01 --------- d-----w C:\Program Files\ICQToolbar
2008-01-02 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 08:47 --------- d-----w C:\Program Files\Bonjour
2007-12-24 21:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 05:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-18 05:55 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-15 17:34 --------- d-----w C:\Program Files\DivX
2007-12-15 17:24 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-15 17:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-12 15:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-12 11:20 --------- d-----w C:\Program Files\Seznam DVD
2007-12-08 16:39 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-01 21:51 --------- d-----w C:\Program Files\Winamp
2007-11-29 16:23 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-11-28 16:20 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\eBookPro6
2007-11-28 16:20 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\eBookPro6
2007-11-27 19:13 22,328 ----a-w C:\Documents and Settings\Uživatel\Data aplikací\PnkBstrK.sys
2007-11-27 19:13 22,328 ----a-w C:\Documents and Settings\Uživatel\Data aplikací\PnkBstrK.sys
2007-11-27 16:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\QuickTime
2007-11-19 16:30 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-19 16:22 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 14:48 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-11 14:48 --------- d--h--r C:\Documents and Settings\Uživatel\Data aplikací\SecuROM
2007-11-11 14:48 --------- d--h--r C:\Documents and Settings\Uživatel\Data aplikací\SecuROM
2007-11-11 11:59 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\DeskSoft
2007-11-11 11:59 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\DeskSoft
2007-11-07 18:50 --------- d-----w C:\Program Files\Common Files\Micropro
2007-11-07 18:34 --------- d-----w C:\Program Files\Micropro
2007-11-06 16:06 --------- d-----w C:\Program Files\CyberLink
2007-11-06 15:33 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\ACD Systems
2007-11-06 15:33 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\ACD Systems
2007-11-06 15:32 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2007-11-06 15:32 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-11-06 15:32 --------- d-----w C:\Program Files\ACD Systems
2007-11-06 15:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2007-11-03 15:05 --------- d-----w C:\Program Files\KYE
2007-11-03 15:04 --------- d-----w C:\Program Files\Common Files\snpstd2
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 16:15 491,520 ----a-w C:\WINDOWS\WebIE.dll
2007-10-22 16:15 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-10-22 16:15 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-10-22 16:15 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-10-22 16:15 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2007-10-22 16:15 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2007-10-22 16:14 516,096 ----a-w C:\WINDOWS\UN32.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_17.09.57.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-03 09:46:33 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-03 09:46:33 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-03 09:46:33 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2005-09-26 10:05:06 286,720 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2005-09-26 10:05:06 81,920 ----a-w C:\WINDOWS\system32\drivers\khips.sys
- 2007-12-31 16:58:12 82,476 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-01-01 17:26:32 82,476 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2007-12-31 16:58:12 71,046 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-01 17:26:32 71,046 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-31 16:58:12 435,922 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-01-01 17:26:32 435,922 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2007-12-31 16:58:12 438,960 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-01 17:26:32 438,960 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-03 10:08:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 01:28 212992]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 08:44 94208]
"WEBTRAN"="" []
"OEXPRESS"="" []
"BitComet"="C:\Program Files\BitLord\BitLord.exe" [2005-05-07 01:47 2224128]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 11:44 87751 C:\WINDOWS\AGRSMMSG.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 11:54 286720]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2007-12-25 10:21 958464]
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-12-25 10:22 387584]
"NWEReboot"="" []
"SpIDerMail"="C:\Program Files\DrWeb\spiderml.exe" [2007-12-25 14:34 500976]
"DrWebScheduler"="C:\Program Files\DrWeb\DRWEBSCD.EXE" [2007-09-19 16:04 130552]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-12-30 14:59 2776576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqommk]
urqommk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2007-12-30 14:59 2776576 --a------ C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WTI]
C:\Documents and Settings\Uživatel\Local Settings\Temp\wzb6c1\WTI.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-30 15:04]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2007-12-13 08:23]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-10-23 09:05]
S2 SPIDERNT;SpIDer Guard for Windows;C:\PROGRA~1\DrWeb\spidernt.exe [2007-10-01 16:17]
S2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-10-23 09:09]
S2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-10-23 09:09]
S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 11:49]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-10-23 09:08]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-10-23 09:07]
S3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-10-23 09:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 11:19:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 11:20:51
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-03 10:20:45
C:\qoobox\ComboFix2.txt 2008-01-01 16:10:12
.
2007-12-31 00:05:39 --- E O F ---

Příspěvekod **fredik** » 03 led 2008 18:45

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

Driver::
Routing

File::
C:\WINDOWS\system32\hlykygqe.ini
C:\WINDOWS\system32\agjduugy.ini
C:\WINDOWS\system32\rdqtqdvg.ini
C:\WINDOWS\system32\crjlakvo.ini
C:\WINDOWS\system32\ocgregyv.ini
C:\WINDOWS\system32\gbeygxrl.ini
C:\WINDOWS\system32\kbhbmsii.ini
C:\WINDOWS\system32\fywoitgx.ini
C:\WINDOWS\system32\tjxsjnwv.ini
C:\WINDOWS\system32\routing.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WTI]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqommk]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
Obrázek

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
+
dej sem i nový log z HJT.

tamagoci · Příspěvekod **tamagoci** » 04 led 2008 11:52

tak tady to je..

ComboFix 07-12-31.4 - Uživatel 2008-01-04 11:17:32.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.588 [GMT 1:00]
Running from: C:\Documents and Settings\Uživatel\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Uživatel\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\agjduugy.ini
C:\WINDOWS\system32\crjlakvo.ini
C:\WINDOWS\system32\fywoitgx.ini
C:\WINDOWS\system32\gbeygxrl.ini
C:\WINDOWS\system32\hlykygqe.ini
C:\WINDOWS\system32\kbhbmsii.ini
C:\WINDOWS\system32\ocgregyv.ini
C:\WINDOWS\system32\rdqtqdvg.ini
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tjxsjnwv.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\agjduugy.ini
C:\WINDOWS\system32\crjlakvo.ini
C:\WINDOWS\system32\fywoitgx.ini
C:\WINDOWS\system32\gbeygxrl.ini
C:\WINDOWS\system32\hlykygqe.ini
C:\WINDOWS\system32\kbhbmsii.ini
C:\WINDOWS\system32\ocgregyv.ini
C:\WINDOWS\system32\rdqtqdvg.ini
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tjxsjnwv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ROUTING
-------\Routing

((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-03 23:10 . 2008-01-03 23:10 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
2008-01-03 23:09 . 2008-01-03 23:10 253,440 --a------ C:\WINDOWS\system32\ndt2.sys
2008-01-03 10:46 . 2008-01-03 14:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 14:05 . 2008-01-02 14:06 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar
2008-01-02 13:57 . 2008-01-02 13:57 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-01 17:25 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Kerio
2008-01-01 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:49 . 2008-01-01 16:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-01 16:01 . 2008-01-03 20:59 <DIR> d-------- C:\Program Files\DrWeb
2008-01-01 16:01 . 2008-01-01 16:01 77,824 --a----t- C:\WINDOWS\system32\DRWEBSP.DLL
2008-01-01 14:17 . 2008-01-01 14:17 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-30 14:55 . 2008-01-01 14:17 <DIR> d-------- C:\Program Files\Crawler
2007-12-29 18:25 . 2007-12-30 09:47 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-29 13:45 . 2007-12-29 13:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-29 13:42 . 2007-12-29 13:42 <DIR> d-------- C:\Program Files\InCode Solutions
2007-12-29 11:29 . 2007-12-29 11:29 <DIR> d-------- C:\Program Files\Realtek
2007-12-28 20:09 . 1998-06-17 21:00 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-28 20:09 . 2000-03-17 05:21 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2007-12-28 20:09 . 2000-03-17 05:21 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2007-12-28 20:09 . 2002-04-24 09:43 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca
2007-12-28 20:09 . 2002-04-09 14:23 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca
2007-12-28 20:09 . 2002-10-17 07:35 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2007-12-27 21:09 . 2007-12-31 11:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 21:09 . 2007-12-27 21:09 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-27 10:33 . 2007-12-27 18:17 56 --a------ C:\WINDOWS\system32\S-1-5-21-0094400A
2007-12-26 17:06 . 2007-12-26 18:15 <DIR> d-------- C:\audiograbber
2007-12-26 16:49 . 2007-12-26 18:15 34 --a------ C:\WINDOWS\cdplayer.ini
2007-12-26 16:27 . 2001-03-23 16:29 880,912 --a------ C:\WINDOWS\WM8EUTIL.exe
2007-12-25 21:18 . 2007-12-25 21:18 24 ---hs---- C:\WINDOWS\SCEC2B874.tmp
2007-12-25 10:21 . 2007-12-25 10:22 <DIR> d-------- C:\Program Files\Labtec
2007-12-25 10:21 . 2007-12-25 10:22 6,205 --a------ C:\WINDOWS\system\Kbdvx32a.vxd
2007-12-23 23:35 . 2007-12-23 23:35 5,154,304 --a------ C:\WindowsDefender.msi
2007-12-23 19:40 . 2007-10-11 00:50 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-23 19:40 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-23 19:40 . 2007-07-01 04:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-23 19:40 . 2007-10-11 00:50 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-23 19:40 . 2007-10-11 00:50 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-23 19:40 . 2007-10-11 00:50 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-23 19:40 . 2007-10-11 00:50 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-23 19:40 . 2007-10-11 00:50 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-23 19:40 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-23 18:21 . 2007-12-23 18:22 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-23 18:21 . 2007-12-23 18:22 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-18 05:00 . 2007-12-18 05:00 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-18 05:00 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-18 05:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-18 05:00 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-18 05:00 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-18 05:00 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-18 05:00 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-18 05:00 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-18 05:00 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-18 05:00 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-16 16:17 . 2007-12-16 16:17 <DIR> d-------- C:\Program Files\DSPlayer_v0.889_lite
2007-12-15 18:36 . 2007-12-15 18:36 <DIR> d-------- C:\Program Files\ffdshow
2007-12-15 18:36 . 2007-12-15 18:36 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-12-15 18:36 . 2007-12-15 18:36 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\XviD
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\Morgan
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\AC3Filter
2007-12-15 18:34 . 2007-12-15 18:34 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-15 18:26 . 2007-12-15 18:26 56 -r-hs---- C:\WINDOWS\system32\9E765C5CCF.sys
2007-12-09 21:29 . 2007-12-09 21:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-08 14:58 . 2007-12-08 14:58 <DIR> d-------- C:\Program Files\MP3Dancer
2007-12-08 14:58 . 2007-12-08 14:58 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2007-12-07 22:59 . 2007-12-09 21:31 <DIR> d-------- C:\Program Files\uTorrent
2007-12-07 20:05 . 2004-08-17 14:49 23,552 --a------ C:\WINDOWS\system32\OLD73.tmp
2007-12-07 20:05 . 2004-08-17 15:49 4,096 --a------ C:\WINDOWS\system32\OLD3D.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 19:57 --------- d-----w C:\Program Files\DivX
2008-01-02 18:01 --------- d-----w C:\Program Files\ICQToolbar
2008-01-02 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 08:47 --------- d-----w C:\Program Files\Bonjour
2007-12-24 21:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 05:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-15 17:24 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-15 17:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-12 11:20 --------- d-----w C:\Program Files\Seznam DVD
2007-12-01 21:51 --------- d-----w C:\Program Files\Winamp
2007-11-19 16:30 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 18:50 --------- d-----w C:\Program Files\Common Files\Micropro
2007-11-07 18:34 --------- d-----w C:\Program Files\Micropro
2007-11-06 16:06 --------- d-----w C:\Program Files\CyberLink
2007-11-06 15:32 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2007-11-06 15:32 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-11-06 15:32 --------- d-----w C:\Program Files\ACD Systems
2007-10-22 16:15 491,520 ----a-w C:\WINDOWS\WebIE.dll
2007-10-22 16:15 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-10-22 16:15 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-10-22 16:15 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-10-22 16:15 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2007-10-22 16:15 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2007-10-22 16:14 516,096 ----a-w C:\WINDOWS\UN32.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_17.09.57.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-03 09:46:33 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-03 09:46:33 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-03 09:46:33 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2005-09-26 10:05:06 286,720 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2005-09-26 10:05:06 81,920 ----a-w C:\WINDOWS\system32\drivers\khips.sys
- 2007-12-31 16:58:12 82,476 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-01-01 17:26:32 82,476 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2007-12-31 16:58:12 71,046 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-01 17:26:32 71,046 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-31 16:58:12 435,922 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-01-01 17:26:32 435,922 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2007-12-31 16:58:12 438,960 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-01 17:26:32 438,960 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-04 10:23:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_664.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 01:28 212992]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 08:44 94208]
"WEBTRAN"="" []
"OEXPRESS"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 11:44 87751 C:\WINDOWS\AGRSMMSG.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 11:54 286720]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2007-12-25 10:21 958464]
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-12-25 10:22 387584]
"NWEReboot"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 11:49]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-10-23 09:05]
S2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-10-23 09:09]
S2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-10-23 09:09]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-10-23 09:08]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-10-23 09:07]
S3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-10-23 09:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 11:24:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 11:27:09 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 10:27:02
C:\qoobox\ComboFix2.txt 2008-01-03 10:20:53
C:\qoobox\ComboFix3.txt 2008-01-01 16:10:12
.
2007-12-31 00:05:39 --- E O F ---
---------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:12, on 4.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Keyboard\V5.1\MOUSE32A.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Documents and Settings\Uživatel\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5D08A94-8330-4AE2-BEB5-0E4D477B28FC}: NameServer = 81.19.33.2,81.19.34.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11353 bytes

Příspěvekod **fredik** » 04 led 2008 17:47

Vytvoř si nový CFScript a tentokrát vlož do něho toto:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\ndt2.sys

DirLook::
C:\WINDOWS\system32\S-1-5-21-0094400A

Použij ho stejným způsobem jako před tím a vlož sem opět log co se zobrazí po jeho provedení.

tamagoci · Příspěvekod **tamagoci** » 05 led 2008 13:12

tady je..

ComboFix 07-12-31.4 - Uživatel 2008-01-05 11:45:52.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.573 [GMT 1:00]
Running from: C:\Documents and Settings\Uživatel\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Uživatel\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\ndt2.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\ndt2.sys

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 07:26 . 2008-01-05 07:26 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-05 05:48 . 2008-01-05 05:48 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\Desperate Housewives
2008-01-05 05:48 . 2008-01-05 05:48 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\Desperate Housewives
2008-01-05 04:41 . 2008-01-05 04:41 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-05 04:40 . 2008-01-05 04:41 <DIR> d-------- C:\Program Files\CCleaner
2008-01-04 13:10 . 2008-01-04 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\GRETECH
2008-01-04 13:09 . 2008-01-04 13:09 <DIR> d-------- C:\Program Files\GRETECH
2008-01-04 13:09 . 2008-01-04 13:09 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\GRETECH
2008-01-04 13:09 . 2008-01-04 13:09 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\GRETECH
2008-01-03 10:46 . 2008-01-03 14:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\SUPERAntiSpyware.com
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\SUPERAntiSpyware.com
2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-01-02 14:05 . 2008-01-02 14:06 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar
2008-01-02 13:57 . 2008-01-02 13:57 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-01 17:25 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Kerio
2008-01-01 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:49 . 2008-01-01 16:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-01 16:04 . 2008-01-01 16:14 <DIR> d-------- C:\Documents and Settings\Uživatel\DoctorWeb
2008-01-01 16:04 . 2008-01-01 16:14 <DIR> d-------- C:\Documents and Settings\Uživatel\DoctorWeb
2008-01-01 16:01 . 2008-01-03 20:59 <DIR> d-------- C:\Program Files\DrWeb
2008-01-01 16:01 . 2008-01-01 16:01 77,824 --a----t- C:\WINDOWS\system32\DRWEBSP.DLL
2008-01-01 14:17 . 2008-01-01 14:17 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-30 14:55 . 2008-01-01 14:17 <DIR> d-------- C:\Program Files\Crawler
2007-12-29 18:25 . 2007-12-30 09:47 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-29 14:05 . 2007-12-29 14:05 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\Lavasoft
2007-12-29 14:05 . 2007-12-29 14:05 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\Lavasoft
2007-12-29 13:45 . 2007-12-29 13:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-29 13:42 . 2007-12-29 13:42 <DIR> d-------- C:\Program Files\InCode Solutions
2007-12-29 11:29 . 2007-12-29 11:29 <DIR> d-------- C:\Program Files\Realtek
2007-12-29 11:29 . 2007-12-29 11:29 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\InstallShield
2007-12-29 11:29 . 2007-12-29 11:29 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\InstallShield
2007-12-28 20:09 . 1998-06-17 21:00 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-28 20:09 . 2000-03-17 05:21 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2007-12-28 20:09 . 2000-03-17 05:21 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2007-12-28 20:09 . 2002-04-24 09:43 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca
2007-12-28 20:09 . 2002-04-09 14:23 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca
2007-12-28 20:09 . 2002-10-17 07:35 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2007-12-27 21:09 . 2007-12-31 11:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 21:09 . 2007-12-27 21:09 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-27 10:33 . 2007-12-27 18:17 56 --a------ C:\WINDOWS\system32\S-1-5-21-0094400A
2007-12-26 17:06 . 2007-12-26 18:15 <DIR> d-------- C:\audiograbber
2007-12-26 16:49 . 2007-12-26 18:15 34 --a------ C:\WINDOWS\cdplayer.ini
2007-12-26 16:27 . 2001-03-23 16:29 880,912 --a------ C:\WINDOWS\WM8EUTIL.exe
2007-12-25 22:23 . 2007-12-25 22:23 <DIR> d-------- C:\Documents and Settings\Uživatel\WINDOWS
2007-12-25 22:23 . 2007-12-25 22:23 <DIR> d-------- C:\Documents and Settings\Uživatel\WINDOWS
2007-12-25 21:18 . 2007-12-25 21:18 24 ---hs---- C:\WINDOWS\SCEC2B874.tmp
2007-12-25 21:15 . 2007-12-25 21:15 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\SlySoft
2007-12-25 21:15 . 2007-12-25 21:15 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\SlySoft
2007-12-25 10:21 . 2007-12-25 10:22 <DIR> d-------- C:\Program Files\Labtec
2007-12-25 10:21 . 2007-12-25 10:22 6,205 --a------ C:\WINDOWS\system\Kbdvx32a.vxd
2007-12-24 07:33 . 2008-01-01 14:16 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools
2007-12-24 07:33 . 2008-01-01 14:16 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools
2007-12-23 23:35 . 2007-12-23 23:35 5,154,304 --a------ C:\WindowsDefender.msi
2007-12-23 19:40 . 2007-10-11 00:50 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-23 19:40 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-23 19:40 . 2007-07-01 04:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-23 19:40 . 2007-10-11 00:50 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-23 19:40 . 2007-10-11 00:50 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-23 19:40 . 2007-10-11 00:50 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-23 19:40 . 2007-10-11 00:50 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-23 19:40 . 2007-10-11 00:50 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-23 19:40 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-23 18:21 . 2007-12-23 18:22 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-23 18:21 . 2007-12-23 18:22 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-18 06:29 . 2007-12-18 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2007-12-18 05:00 . 2007-12-18 05:00 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-18 05:00 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-18 05:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-18 05:00 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-18 05:00 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-18 05:00 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-18 05:00 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-18 05:00 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-18 05:00 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-18 05:00 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-15 18:36 . 2007-12-15 18:36 <DIR> d-------- C:\Program Files\ffdshow
2007-12-15 18:36 . 2007-12-15 18:36 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-12-15 18:36 . 2007-12-15 18:36 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\XviD
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\Morgan
2007-12-15 18:35 . 2007-12-15 18:35 <DIR> d-------- C:\Program Files\AC3Filter
2007-12-15 18:34 . 2007-12-15 18:34 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-15 18:26 . 2007-12-15 18:26 56 -r-hs---- C:\WINDOWS\system32\9E765C5CCF.sys
2007-12-09 21:31 . 2007-12-09 21:31 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\NASA
2007-12-09 21:31 . 2007-12-09 21:31 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\NASA
2007-12-09 21:29 . 2007-12-09 21:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-08 15:02 . 2007-12-08 15:02 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\WebCompiler3
2007-12-08 15:02 . 2007-12-08 15:02 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\WebCompiler3
2007-12-08 14:58 . 2007-12-08 14:58 <DIR> d-------- C:\Program Files\MP3Dancer
2007-12-08 14:58 . 2007-12-08 14:58 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2007-12-07 22:59 . 2007-12-09 21:31 <DIR> d-------- C:\Program Files\uTorrent
2007-12-07 20:05 . 2004-08-17 14:49 23,552 --a------ C:\WINDOWS\system32\OLD73.tmp
2007-12-07 20:05 . 2004-08-17 15:49 4,096 --a------ C:\WINDOWS\system32\OLD3D.tmp
2007-12-07 06:57 . 2007-12-07 06:57 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\Talkback
2007-12-07 06:57 . 2007-12-07 06:57 <DIR> d-------- C:\Documents and Settings\Uživatel\Data aplikací\Talkback
2007-12-06 12:37 . 2007-12-07 06:21 7,780 --a------ C:\Documents and Settings\Uživatel\FMCodec.dat
2007-12-06 12:37 . 2007-12-07 06:21 7,780 --a------ C:\Documents and Settings\Uživatel\FMCodec.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 10:44 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\Skype
2008-01-05 10:44 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\Skype
2008-01-05 10:41 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2008-01-05 10:41 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2008-01-03 19:57 --------- d-----w C:\Program Files\DivX
2008-01-02 18:01 --------- d-----w C:\Program Files\ICQToolbar
2008-01-02 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 10:25 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\uTorrent
2008-01-02 10:25 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\uTorrent
2007-12-30 08:47 --------- d-----w C:\Program Files\Bonjour
2007-12-24 21:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 05:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-18 05:55 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-15 17:24 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-15 17:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-12 15:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-12 11:20 --------- d-----w C:\Program Files\Seznam DVD
2007-12-08 16:39 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-01 21:51 --------- d-----w C:\Program Files\Winamp
2007-11-29 16:23 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-11-28 16:20 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\eBookPro6
2007-11-28 16:20 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\eBookPro6
2007-11-27 19:13 22,328 ----a-w C:\Documents and Settings\Uživatel\Data aplikací\PnkBstrK.sys
2007-11-27 19:13 22,328 ----a-w C:\Documents and Settings\Uživatel\Data aplikací\PnkBstrK.sys
2007-11-27 16:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\QuickTime
2007-11-19 16:30 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-19 16:22 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 14:48 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-11 14:48 --------- d--h--r C:\Documents and Settings\Uživatel\Data aplikací\SecuROM
2007-11-11 14:48 --------- d--h--r C:\Documents and Settings\Uživatel\Data aplikací\SecuROM
2007-11-11 11:59 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\DeskSoft
2007-11-11 11:59 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\DeskSoft
2007-11-07 18:50 --------- d-----w C:\Program Files\Common Files\Micropro
2007-11-07 18:34 --------- d-----w C:\Program Files\Micropro
2007-11-06 16:06 --------- d-----w C:\Program Files\CyberLink
2007-11-06 15:33 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\ACD Systems
2007-11-06 15:33 --------- d-----w C:\Documents and Settings\Uživatel\Data aplikací\ACD Systems
2007-11-06 15:32 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2007-11-06 15:32 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-11-06 15:32 --------- d-----w C:\Program Files\ACD Systems
2007-11-06 15:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 16:15 491,520 ----a-w C:\WINDOWS\WebIE.dll
2007-10-22 16:15 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-10-22 16:15 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-10-22 16:15 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-10-22 16:15 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2007-10-22 16:15 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2007-10-22 16:14 516,096 ----a-w C:\WINDOWS\UN32.EXE
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\S-1-5-21-0094400A ----

C:\WINDOWS\system32\S-1-5-21-0094400A\

((((((((((((((((((((((((((((( snapshot@2008-01-01_17.09.57.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 06:42:57 25,622 ----a-r C:\WINDOWS\Installer\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}\fifapc.exe
+ 2008-01-03 09:46:33 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-03 09:46:33 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-03 09:46:33 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2005-09-26 10:05:06 286,720 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2005-09-26 10:05:06 81,920 ----a-w C:\WINDOWS\system32\drivers\khips.sys
- 2007-12-31 16:58:12 82,476 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-01-01 17:26:32 82,476 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2007-12-31 16:58:12 71,046 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-01 17:26:32 71,046 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-31 16:58:12 435,922 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-01-01 17:26:32 435,922 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2007-12-31 16:58:12 438,960 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-01 17:26:32 438,960 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-05 10:39:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_68c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 01:28 212992]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 08:44 94208]
"WEBTRAN"="" []
"OEXPRESS"="" []
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 11:44 87751 C:\WINDOWS\AGRSMMSG.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 11:54 286720]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2007-12-25 10:21 958464]
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-12-25 10:22 387584]
"NWEReboot"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 11:49]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-10-23 09:05]
S2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-10-23 09:09]
S2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-10-23 09:09]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-10-23 09:08]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-10-23 09:07]
S3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-10-23 09:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 11:49:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 11:51:07
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-05 10:51:01
C:\qoobox\ComboFix2.txt 2008-01-04 10:27:10
C:\qoobox\ComboFix3.txt 2008-01-03 10:20:53
C:\qoobox\ComboFix4.txt 2008-01-01 16:10:12
.
2007-12-31 00:05:39 --- E O F ---

Příspěvekod **fredik** » 05 led 2008 19:45

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u (mezi comobofix a /u musí být mezera) a dej Ok.

Máš ještě nějaké problémy?

tamagoci · Příspěvekod **tamagoci** » 06 led 2008 00:01

Děkuju moc za pomoc,bratr už si nestěžuje.Chodí to v pohodě..

Prosím o kontrolu, infikované PC(vyřešeno) Vyřešeno

Prosím o kontrolu, infikované PC(vyřešeno) Vyřešeno

Problém vyřešen

Kdo je online