winlogon.exe + isass.exe :(



winlogon.exe + isass.exe :(

Post by MatNi » 08 Apr 2008 00:21

Sorry if something is written incorrectly (which it probably will be) - we're always learning, right?
Yesterday I managed to run an exe that NOD said was clean; the opposite turned out to be true... since then NOD keeps reporting:

The first process, Issas.exe, is according to NOD using the infected library pmnnnMef.dll ("Win32/Adware.Virtumonde.FP application"). It is stored in WINDOWS\System32\ and after boot it also gets loaded into memory. I don't know what this process does when it is clean, and I don't know what it does now either. It doesn't eat CPU... nothing... NOD is just going nuts over it, and I don't feel great either when this window pops up every half minute...
I tried deleting pmnnnMef.dll in Windows - no luck. Then through that console launched from the Windows installation CD, with the commands attrib -R system32\pmnnnMef.dll and del system32\pmnnnMef.dll run from vymaz.txt. No result. Not that the library got restored, it just never got deleted... the creation date is still the same - the time I ran that exe file... NOD also offered to delete it, but that didn't work either -> I don't know what to do with it.

The second process, winlogon.exe, on the other hand is already making a mess :)
Every second it makes about 5 registry changes - Ad-Aware (Ad-Watch specifically) logs them for me. Before it reported other things too, not just ImagePID:632 - before that 640....
It again uses, I'd say, a non-standard library, this time geBuVPGY.dll.
I tried fixing it - no change - after another scan it's there again.

I'm happy to experiment; backup+format+reinstall isn't a big problem for me :)

I'm also attaching the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:11:55, on 8.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
D:\xampp\mysql\bin\mysqld-nt.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - C:\WINDOWS\system32\geBuVPGY.dll
O2 - BHO: (no name) - {AA9D1379-342B-49B7-8D12-0657A046F9B7} - C:\WINDOWS\system32\pmnnnMef.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [e0262a66] rundll32.exe "C:\WINDOWS\system32\hpqvxuee.dll",b
O4 - HKLM\..\Run: [BMe31519fa] Rundll32.exe "C:\WINDOWS\system32\twsuvsxq.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\windows\hry\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{967483D1-E3AB-4F00-BB7E-29FE72B30ADD}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: geBuVPGY - C:\WINDOWS\SYSTEM32\geBuVPGY.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8798 bytes

I'd say that
O2 - BHO: (no name) - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - C:\WINDOWS\system32\geBuVPGY.dll
O2 - BHO: (no name) - {AA9D1379-342B-49B7-8D12-0657A046F9B7} - C:\WINDOWS\system32\pmnnnMef.dll
have no business being there.
Oh, and this one
O20 - Winlogon Notify: geBuVPGY - C:\WINDOWS\SYSTEM32\geBuVPGY.dll
I tried to fix.

So that's hopefully everything; thanks a lot for any advice, and I'm rather counting on you :) ...I don't know who else could help me.

Edit: fixed diacritics + removed the [code] tags - apparently it reads better :)
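A log-triage script of the kind a helper in this thread would run over the HijackThis output above, added here as an example (not code from the original post, nor part of HijackThis): it parses a constructed sample in HijackThis v2 format built from the entries quoted above, flags nameless O2 BHOs, O20 Winlogon Notify packages and O4 Run values that start rundll32 on a system32 DLL, cross-references the same DLL across several load points (geBuVPGY.dll is both a BHO and a Winlogon Notify package), and checks running-process names for lookalikes of core processes such as lsass.exe. The heuristics, the invented isass.exe process line in the sample and all function names are assumptions of this example, not HijackThis rules.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 format, modelled on the log quoted in this
# thread (paths and CLSIDs copied from it); the isass.exe process line is
# invented purely to exercise the lookalike-name check.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\isass.exe
C:\Program Files\Eset\nod32krn.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - C:\WINDOWS\system32\geBuVPGY.dll
O2 - BHO: (no name) - {AA9D1379-342B-49B7-8D12-0657A046F9B7} - C:\WINDOWS\system32\pmnnnMef.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [e0262a66] rundll32.exe "C:\WINDOWS\system32\hpqvxuee.dll",b
O4 - HKLM\..\Run: [BMe31519fa] Rundll32.exe "C:\WINDOWS\system32\twsuvsxq.dll",s
O20 - Winlogon Notify: geBuVPGY - C:\WINDOWS\SYSTEM32\geBuVPGY.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Any DLL sitting directly in %SystemRoot%\system32, where the randomly named files in this thread live.
SYS32_DLL_RE = re.compile(r"[A-Z]:\\WINDOWS\\SYSTEM32\\([A-Z0-9_]+)\.DLL", re.IGNORECASE)
# An O4 Run value that starts rundll32 on a quoted DLL and names an export after the comma.
RUNDLL_RE = re.compile(
    r'^\[(?P<name>[^\]]+)\]\s+rundll32\.exe\s+"(?P<dll>[^"]+)",(?P<export>\S*)', re.IGNORECASE)

# Core Windows processes whose names malware likes to imitate (lsass vs isass, etc.).
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "explorer.exe"}
# Characters that read alike in a proportional font, folded to one representative.
HOMOGLYPHS = str.maketrans({"i": "l", "1": "l", "0": "o"})


def normalise(name):
    return name.lower().translate(HOMOGLYPHS)


def check_process(path):
    """Flag a running-process line that imitates a core process by name or by location."""
    directory, _, base = path.lower().rpartition("\\")
    if base in CORE_PROCESSES:
        expected = "\\windows" if base == "explorer.exe" else "\\windows\\system32"
        if not directory.endswith(expected):
            return [("high", path, f"{base} running from an unexpected directory")]
        return []
    for core in CORE_PROCESSES:
        if normalise(base) == normalise(core):
            return [("high", path, f"process name looks like {core} but is not it")]
    return []


def triage(log_text):
    """Return (severity, item, reason) findings for one HijackThis log."""
    findings = []
    dll_refs = defaultdict(set)  # system32 DLL basename -> HJT sections that load it
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # the process block ends at the first blank line
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            findings += check_process(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("high", body.rsplit(" - ", 1)[-1], "BHO registered without a name"))
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            findings.append(("high", body.rsplit(" - ", 1)[-1],
                             "Winlogon Notify package: loaded into winlogon.exe at logon"))
        elif kind == "O4":
            value = body.partition(": ")[2]
            rm = RUNDLL_RE.match(value)
            if rm and SYS32_DLL_RE.search(rm.group("dll")) and len(rm.group("export")) <= 1:
                findings.append(("medium", rm.group("dll"),
                                 f"Run value [{rm.group('name')}] loads a system32 DLL via rundll32, export '{rm.group('export')}'"))
        for dm in SYS32_DLL_RE.finditer(body):
            dll_refs[dm.group(1).lower()].add(kind)
    # One DLL hooked from several load points (BHO + Winlogon Notify here) is the strongest signal.
    for name, kinds in dll_refs.items():
        if len(kinds) > 1:
            findings.append(("critical", name + ".dll",
                             "same system32 DLL hooked from several load points: " + ", ".join(sorted(kinds))))
    return findings


if __name__ == "__main__":
    for severity, item, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {item}: {reason}")
```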


Re: winlogon.exe + isass.exe :(

Post by paul27 » 08 Apr 2008 18:50

Hello.

You're right about those lines from HJT, but that's not all of it.

1.- use these two small programs http://www.viry.cz/forum/viewtopic.php?t=16634

2.- Download ComboFix and save it to the desktop:

Run the application under the Computer Administrator account - close all running programs (web browser, messenger, etc.) - the licence agreement follows, click Yes - the test starts (the whole thing takes about 5-10 minutes, sometimes a bit longer) - during the scan do not try to launch any other applications and do not click into the ComboFix window - when it finishes, a Notepad window with text opens automatically (if it doesn't, the log is in C:\ComboFix.txt), which you copy here using the familiar keyboard shortcuts Ctrl + A (select all the text) -> Ctrl + C (copy to the clipboard) -> Ctrl + V (paste the text) - and wait for further instructions

WARNING: If "CRITICAL WARNING !!" appears, you must not restart the computer; write about the warning here.
WARNING 2: It is possible that during the test various security programs will report an unauthorised attempt to delete a given file or something else. Allow any of their prompts, or completely turn off the resident module of the given program for the duration of the scan.

3.- Clean up with CCleaner and post the log from ComboFix (see the point above) and a new HijackThis log.


Re: winlogon.exe + isass.exe :(

Post by MatNi » 08 Apr 2008 21:32

OK, thanks a lot for the advice :) but there's a snag... unfortunately the VirtumundoBegone program has already been deleted. Is a re-upload possible? Or sending it directly via ICQ? (264154615) e-mail? matni@email.cz I tried Google too, but I'd rather not download something other than what it was supposed to be / or in the worse case some virus :? Thanks a lot.
My progress so far... the VundoFix screenshot is after the scan, the error screenshot is after the successful removal of 1 library... after rescanning it only finds geBuVPGY.dll, which can't be removed... that one will probably need that "VirtumundoBegone"... either way it's strange to me that it didn't find the pmnnnMef.dll reported by NOD...
btw I've never been in Safe Mode yet... would it be better if I read something about it first - wiki/google? Really, thanks a lot for the help :D


Re: winlogon.exe + isass.exe :(

Post by paul27 » 08 Apr 2008 21:57

OK, I thought those two little programs wouldn't be enough for that pest, which is why I also wrote about CF - so post the ComboFix log according to the instructions above; we can delete it through that too.

Otherwise Safe Mode is nothing to be afraid of; it's basically the same as normal mode, except the graphics are worse (I'd compare the look to W98) and most services don't run, ... as in normal mode. You can read something about it, that's only a good thing.

Unfortunately, looking at the clock, I'll have to go to bed because I get up early in the morning. I'll definitely be back tomorrow and we'll sort it out.


Re: winlogon.exe + isass.exe :(

Post by MatNi » 08 Apr 2008 22:28

After running ComboFix, NOD reports PMNNNMEF.dll instead of pmnnnMef.dll, and the registry changes have stopped! :D

ComboFix 08-04-08.4 - Všichni 2008-04-08 22:09:11.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.511 [GMT 2:00]
Running from: C:\Documents and Settings\Všichni\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: Windir.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe31519fa.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\feMnnnmp.ini
C:\WINDOWS\system32\feMnnnmp.ini2
C:\WINDOWS\system32\geBuVPGY.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\twsuvsxq.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))
.

2008-04-08 21:22 . 2008-04-08 21:22 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-04-08 20:00 . 2008-04-08 21:21 <DIR> d-------- C:\VundoFix Backups
2008-04-07 23:07 . 2008-04-07 23:07 <DIR> d-------- C:\Program Files\Resource Kit
2008-04-07 05:17 . 2008-04-07 05:17 <DIR> d-------- C:\Program Files\Nero
2008-04-07 05:17 . 2008-04-07 05:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-07 04:33 . 2008-04-07 04:33 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-07 03:30 . 2008-04-07 03:30 <DIR> d-------- C:\Program Files\CCleaner
2008-04-07 02:40 . 2008-04-07 02:40 268,288 --a------ C:\WINDOWS\system32\pmnnnMef.dll
2008-04-05 23:38 . 2008-04-05 23:45 <DIR> d-------- C:\Program Files\Teamspeak2 server
2008-04-05 22:56 . 2008-04-05 23:13 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2008-04-05 22:55 . 2008-04-05 22:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 15:07 . 2008-04-05 15:07 <DIR> d-------- C:\Program Files\MonInfo
2008-04-05 02:24 . 2008-04-05 02:24 0 --a------ C:\WINDOWS\mpegableX4live.INI
2008-04-05 01:41 . 2008-04-05 01:41 <DIR> d-------- C:\Program Files\mpegable
2008-04-05 01:41 . 2008-04-05 01:41 47,104 --------- C:\WINDOWS\AKDeInstall.exe
2008-04-05 01:21 . 2008-04-05 01:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 01:21 . 2008-04-05 01:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 13:43 . 2008-04-04 13:43 <DIR> dr------- C:\Documents and Settings\LocalService\Oblˇben‚ polo§ky
2008-04-04 13:32 . 2008-04-04 13:32 <DIR> d-------- C:\Program Files\MagicTune Premium
2008-04-04 13:32 . 2005-10-21 07:25 13,396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys
2008-03-26 01:00 . 2008-03-26 01:01 2,969,128 --a------ C:\glglg
2008-03-26 00:56 . 2008-03-26 00:57 1,760,769 --a------ C:\Prison Break 2x21.mpg.idx
2008-03-25 23:42 . 2008-03-26 00:16 1,698,285,568 --a------ C:\Prison Break 2x21.mpg
2008-03-25 23:28 . 2008-03-26 02:57 1,140,767,730 --a------ C:\Prison Break 2x21.avi
2008-03-25 23:15 . 2008-03-26 00:58 <DIR> d-------- C:\Program Files\Avidemux 2.4
2008-03-25 22:48 . 2008-03-25 22:48 <DIR> d-------- C:\Program Files\PSPad
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Program Files\Skype
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-25 19:27 . 2004-08-17 15:49 460,800 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-03-25 19:26 . 2004-08-17 15:49 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-25 19:25 . 2008-03-25 19:50 <DIR> d-------- C:\Inetpub
2008-03-25 00:34 . 2008-03-25 00:34 <DIR> d-------- C:\Program Files\FreeRAM XP Pro
2008-03-23 13:07 . 2008-03-23 13:07 <DIR> d-------- C:\Program Files\UndeletePlus
2008-03-21 22:09 . 2008-03-21 22:12 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-21 17:49 . 2008-03-21 17:50 <DIR> d-------- C:\Program Files\FLVPlayer
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Program Files\Eltima Software
2008-03-17 17:50 . 2008-03-17 17:50 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-03-17 17:50 . 2008-03-17 17:50 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-03-14 02:01 . 2001-09-05 09:55 14,940 -ra------ C:\WINDOWS\system32\drivers\Epiusb.sys
2008-03-14 01:52 . 2008-03-14 01:52 <DIR> d-------- C:\Program Files\Disc2Phone
2008-03-14 01:50 . 2008-03-14 01:50 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-03-14 01:33 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-14 01:33 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2008-03-14 01:28 . 2008-03-14 01:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-14 01:28 . 2008-03-14 01:28 6,176 --a------ C:\WINDOWS\system32\drivers\w900cm.sys
2008-03-14 01:28 . 2008-03-14 01:28 5,808 --a------ C:\WINDOWS\system32\drivers\w900wh.sys
2008-03-14 01:22 . 2008-03-14 01:22 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 20:07 --------- d-----w C:\Program Files\FlashGet
2008-04-08 12:16 --------- d-----w C:\Program Files\ESET
2008-04-05 21:37 --------- d-----w C:\Program Files\Teamspeak2
2008-04-04 11:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 23:05 --------- d-----w C:\Program Files\QIP Infium
2008-03-20 20:39 --------- d-----w C:\Program Files\LimeWire
2008-03-17 16:04 --------- d-----w C:\Program Files\FreeCall
2008-03-05 11:47 --------- d-----w C:\Program Files\ATI Technologies
2008-03-03 10:58 --------- d-----w C:\Program Files\Business Objects
2008-03-03 10:56 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-03 10:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-03 10:45 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-03-03 10:45 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-03-03 10:44 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-03-03 10:44 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 10:38 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-03 10:35 --------- d-----w C:\Program Files\MSBuild
2008-03-03 10:35 --------- d-----w C:\Program Files\HTML Help Workshop
2008-03-03 10:33 --------- d-----w C:\Program Files\Microsoft SDKs
2008-03-03 10:33 --------- d-----w C:\Program Files\CE Remote Tools
2008-03-03 10:28 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-03-03 10:26 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-03 10:23 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-02 00:24 --------- d-----w C:\Program Files\Defrag Professional
2008-03-01 19:08 --------- d-----w C:\Program Files\Scorpions WinCheater
2008-03-01 17:37 --------- d-----w C:\Program Files\DesetiPrsty
2008-02-29 20:59 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-02-29 20:09 --------- d-----w C:\Program Files\Pcsx2
2008-02-29 16:12 --------- d-----w C:\Program Files\Half-Life Model Viewer
2008-02-27 04:19 --------- d-----w C:\Program Files\SpeedFan
2008-02-26 17:48 --------- d-----w C:\Program Files\WORDreader 3
2008-02-26 15:05 --------- d-----w C:\Program Files\Realtek AC97
2008-02-26 13:15 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-26 13:15 --------- d-----w C:\Program Files\Nokia
2008-02-26 13:15 --------- d-----w C:\Program Files\DIFX
2008-02-26 13:15 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-26 13:15 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-24 14:36 --------- d-----w C:\Program Files\directx
2008-02-23 21:05 --------- d-----w C:\Program Files\ATITool
2008-02-23 15:51 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-02-23 11:45 --------- d-----w C:\Program Files\AMX Mod X
2008-02-21 19:15 --------- d-----w C:\Program Files\YAMB
2008-02-21 15:48 --------- d-----w C:\Program Files\3GP Video Converter
2008-02-20 22:45 --------- d-----w C:\Program Files\The KMPlayer
2008-02-19 07:38 --------- d-----w C:\Program Files\Rapidown
2008-02-18 18:43 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-11 16:17 --------- d-----w C:\Program Files\DVD Shrink
2008-02-10 22:14 --------- d-----w C:\Program Files\totalcmd
2008-02-09 11:30 --------- d-----w C:\Program Files\CyberLink
2008-02-08 22:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 22:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-08 21:50 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-08 21:03 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-31 23:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-28 17:49 8 ----a-w C:\DFIMB.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EEAFC20-7E62-4B17-98EF-69F7BF62622A}]
2008-04-07 02:40 268288 --a------ C:\WINDOWS\system32\pmnnnMef.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"Steam"="d:\windows\hry\steam\steam.exe" [2008-04-06 00:33 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 11:14 163840]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-28 20:11 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Ad-Watch"="C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-24 09:22 2476408]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\hl.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\cstrike.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\hlds.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FreeCall\\FreeCall.exe"=
"D:\\xampp\\apache\\bin\\apache.exe"=
"D:\\xampp\\MercuryMail\\mercury.exe"=
"C:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"C:\\Program Files\\Morpheus Ultra\\Softwrap Loader.exe"=
"D:\\Windows\\Hry\\Snowboarding\\Supreme.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Teamspeak2 server\\server_windows.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\ricochet\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\condition zero\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\counter-strike\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\deathmatch classic\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\day of defeat\\hl.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 12:11]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-14 01:22]
R2 Apache2.2;Apache2.2;"D:\xampp\apache\bin\apache.exe" -k runservice []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 w900bus;Sony Ericsson 900i driver (WDM);C:\WINDOWS\system32\DRIVERS\w900bus.sys [2005-09-27 11:34]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w900mdfl.sys [2005-09-27 11:34]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w900mdm.sys [2005-09-27 11:34]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w900mgmt.sys [2005-09-27 11:34]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w900obex.sys [2005-09-27 11:34]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"D:\Windows\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5ddc64-cdc6-11dc-b46b-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe

*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 22:13:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2008-04-08 22:16:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-08 20:16:00
Adresářů: 12, Volných bajtů: 50,954,620,928
Adres ý…: 15, Volněch bajt…: 50,885,087,232
.
2008-03-14 14:09:17 --- E O F ---

the scan seemed to me to run unusually fast... maybe 4-5 min...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:12, on 8.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
D:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8EEAFC20-7E62-4B17-98EF-69F7BF62622A} - C:\WINDOWS\system32\pmnnnMef.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\windows\hry\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{967483D1-E3AB-4F00-BB7E-29FE72B30ADD}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8388 bytes

Yelkinson
Level 3
Posts: 582
Registered: November 07
Location: Plzen
Gender: Male
Status: Offline

Re: winlogon.exe + isass.exe :(

Post by Yelkinson » 08 Apr 2008 22:35

Update your Java:
- Download the latest version: http://java.sun.com/javase/downloads/index.jsp
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 5 and click the Download button
- Tick the option that says: Accept License Agreement
- The page will reload.
- Click the download link: Windows Offline Installation, Multi-language and save it to disk
- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Uninstall them with the Change/Remove or Remove button
- Uninstall all the old versions of Java one after another
- When the uninstalling is finished, restart the PC.
- Then just run the installation of the latest version from the file jre-6u5-windows-i586-p.exe that you downloaded at the start.

MatNi
newbie
Posts: 11
Registered: April 08
Gender: Not specified
Status: Offline

Re: winlogon.exe + isass.exe :(

Post by MatNi » 08 Apr 2008 22:49

Thx, updated
Edit: after a restart PMNNNMEF.dll is called pmnnnMef.dll again :smile:

paul27
Level 4.5
Posts: 1700
Registered: June 07
Gender: Male
Status: Offline

Re: winlogon.exe + isass.exe :(

Post by paul27 » 09 Apr 2008 15:20

to Yelkinson: There are still active viruses on it, so disinfect first and only then polish it to perfection with Java updates etc.

to MatNi: There is an active driver there that is apparently holding it all together (that pmnnnMef.dll). Do the following, it should do the trick:

Move ComboFix to the desktop (if you don't have it there yet :)) - open Notepad - copy the text from the following box into it:

Code:

File::
C:\WINDOWS\system32\pmnnnMef.dll
C:\glglg
C:\WINDOWS\system32\drivers\oreans32.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EEAFC20-7E62-4B17-98EF-69F7BF62622A}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5ddc64-cdc6-11dc-b46b-806d

Driver::
oreans32


Save the text as CFScript.txt on the desktop - after saving, grab the CFScript.txt file you created with the left mouse button and drag it over the ComboFix icon - drop CFScript.txt on the ComboFix icon - ComboFix will start (you may have to confirm the licence terms again by clicking Yes) - and CF will scan again; at the end of the scan CF will try to delete the specified files, or whatever else we told it to - once the action is done, a Notepad window will open again with text, which please copy here and wait for further advice :)
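As an added example (not code from any poster in this thread, and not part of ComboFix or HijackThis), a Python script that triages the O2 BHO lines of a HijackThis log like the one posted above and writes File::/Registry:: stanzas in the same layout as the CFScript above for whatever it flags. The sample input is a constructed excerpt of this thread's log; the three-point heuristic (no display name, DLL in system32, 8-letter mixed-case name) is an assumption drawn from the infected entry here, not a vendor signature.

```python
import re
from dataclasses import dataclass

# Constructed test input: a few O2/O4 lines copied from the HijackThis log
# posted earlier in this thread (the O4 line is there to show it is ignored).
SAMPLE_HJT_LOG = r"""
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8EEAFC20-7E62-4B17-98EF-69F7BF62622A} - C:\WINDOWS\system32\pmnnnMef.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""

# HijackThis O2 lines have the shape:  O2 - BHO: <name> - {<CLSID>} - <path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

# How many heuristic hits make an entry a candidate for the removal script.
SUSPECT_THRESHOLD = 2


@dataclass
class Bho:
    name: str
    clsid: str
    path: str


def parse_bhos(log_text: str) -> list:
    """Return every O2 (Browser Helper Object) entry found in a HijackThis log."""
    found = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
    return found


def assess(bho: Bho) -> list:
    """Heuristic reasons to distrust a BHO; an empty list means nothing stood out.

    The three checks are an assumption drawn from the infected entry in this
    thread's log (a nameless BHO, a DLL dropped into system32, and a random
    8-letter mixed-case file name); they are not a vendor signature.
    """
    reasons = []
    if bho.name == "(no name)":
        reasons.append("no registered display name")
    directory, _, filename = bho.path.rpartition("\\")
    if directory.lower().endswith("\\windows\\system32"):
        reasons.append("DLL lives in system32 instead of a product folder")
    stem = filename.rsplit(".", 1)[0]
    if len(stem) == 8 and stem.isalpha() and not (stem.islower() or stem.isupper()):
        reasons.append("8-letter mixed-case file name")
    return reasons


def suspicious_bhos(bhos: list) -> list:
    """Entries that collected at least SUSPECT_THRESHOLD reasons."""
    return [b for b in bhos if len(assess(b)) >= SUSPECT_THRESHOLD]


def cfscript_for(bhos: list) -> str:
    """Emit File:: and Registry:: stanzas in the layout of the CFScript quoted above.

    Review the output by hand before using it: the heuristic can misfire, and a
    CFScript deletes whatever it is given.
    """
    suspects = suspicious_bhos(bhos)
    if not suspects:
        return ""
    lines = ["File::"] + [b.path for b in suspects]
    lines += ["", "Registry::"]
    lines += [
        "[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{%s}]" % b.clsid
        for b in suspects
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    bhos = parse_bhos(SAMPLE_HJT_LOG)
    for b in bhos:
        print(b.path, "->", assess(b) or "ok")
    print(cfscript_for(bhos))
```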

MatNi
newbie
Posts: 11
Registered: April 08
Gender: Not specified
Status: Offline

Re: winlogon.exe + isass.exe :(

Post by MatNi » 09 Apr 2008 16:33

Even before running ComboFix I let Windows update, and NOD reported that the program MDP.exe (I'm only guessing the name... I only know that it was 3 letters, all capitals, started with M and it seems to me there was also a D in the name... the only currently running process resembling it that I found is MOM.exe...) tried to open that pmnnnMef.dll
and then a few minutes after ComboFix started, NOD reported this

ComboFix 08-04-08.4 - Všichni 2008-04-09 16:10:42.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.565 [GMT 2:00]
Running from: C:\Documents and Settings\Všichni\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vçichni\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 15:57 . 2008-04-09 15:59 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 22:46 . 2008-04-08 22:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-08 22:46 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-08 21:22 . 2008-04-08 21:22 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-04-08 20:00 . 2008-04-08 21:21 <DIR> d-------- C:\VundoFix Backups
2008-04-07 23:07 . 2008-04-07 23:07 <DIR> d-------- C:\Program Files\Resource Kit
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Ahead
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Ahead
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Ahead
2008-04-07 05:19 . 2008-04-07 05:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Ahead
2008-04-07 05:17 . 2008-04-07 05:17 <DIR> d-------- C:\Program Files\Nero
2008-04-07 05:17 . 2008-04-07 05:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-07 04:33 . 2008-04-07 04:33 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-07 03:30 . 2008-04-07 03:30 <DIR> d-------- C:\Program Files\CCleaner
2008-04-07 02:40 . 2008-04-07 02:40 268,288 --a------ C:\WINDOWS\system32\pmnnnMef.dll
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nero
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nero
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nero
2008-04-07 02:07 . 2008-04-07 02:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2008-04-05 23:38 . 2008-04-05 23:45 <DIR> d-------- C:\Program Files\Teamspeak2 server
2008-04-05 22:56 . 2008-04-05 23:13 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2008-04-05 22:56 . 2008-04-05 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-04-05 22:55 . 2008-04-05 22:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 15:07 . 2008-04-05 15:07 <DIR> d-------- C:\Program Files\MonInfo
2008-04-05 02:24 . 2008-04-05 02:24 0 --a------ C:\WINDOWS\mpegableX4live.INI
2008-04-05 01:41 . 2008-04-05 01:41 <DIR> d-------- C:\Program Files\mpegable
2008-04-05 01:41 . 2008-04-05 01:41 47,104 --------- C:\WINDOWS\AKDeInstall.exe
2008-04-05 01:21 . 2008-04-05 01:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 01:21 . 2008-04-05 01:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 13:43 . 2008-04-04 13:43 <DIR> dr------- C:\Documents and Settings\LocalService\Oblíbené položky
2008-04-04 13:43 . 2008-04-04 13:43 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Talkback
2008-04-04 13:06 . 2008-04-04 13:36 <DIR> d-------- C:\Documents and Settings\Všichni\JScreenFix
2008-04-04 13:06 . 2008-04-04 13:36 <DIR> d-------- C:\Documents and Settings\Všichni\JScreenFix
2008-03-26 01:00 . 2008-03-26 01:01 2,969,128 --a------ C:\glglg
2008-03-26 00:56 . 2008-03-26 00:57 1,760,769 --a------ C:\Prison Break 2x21.mpg.idx
2008-03-25 23:42 . 2008-03-26 00:16 1,698,285,568 --a------ C:\Prison Break 2x21.mpg
2008-03-25 23:28 . 2008-03-26 02:57 1,140,767,730 --a------ C:\Prison Break 2x21.avi
2008-03-25 23:15 . 2008-03-26 00:58 <DIR> d-------- C:\Program Files\Avidemux 2.4
2008-03-25 22:57 . 2008-03-26 00:58 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\gtk-2.0
2008-03-25 22:57 . 2008-03-26 00:58 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\gtk-2.0
2008-03-25 22:57 . 2008-03-26 00:58 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\gtk-2.0
2008-03-25 22:51 . 2008-03-25 22:59 <DIR> d-------- C:\Documents and Settings\Všichni\avidemux
2008-03-25 22:51 . 2008-03-25 22:59 <DIR> d-------- C:\Documents and Settings\Všichni\avidemux
2008-03-25 22:48 . 2008-03-25 22:48 <DIR> d-------- C:\Program Files\PSPad
2008-03-25 20:03 . 2008-03-25 20:03 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\skypePM
2008-03-25 20:03 . 2008-03-25 20:03 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\skypePM
2008-03-25 20:03 . 2008-03-25 20:03 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\skypePM
2008-03-25 20:03 . 2008-03-25 20:03 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Program Files\Skype
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-25 20:02 . 2008-03-25 23:02 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Skype
2008-03-25 20:02 . 2008-03-25 23:02 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Skype
2008-03-25 20:02 . 2008-03-25 23:02 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Skype
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-25 19:27 . 2004-08-17 15:49 460,800 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-03-25 19:26 . 2004-08-17 15:49 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-25 19:25 . 2008-03-25 19:50 <DIR> d-------- C:\Inetpub
2008-03-25 00:34 . 2008-03-25 00:34 <DIR> d-------- C:\Program Files\FreeRAM XP Pro
2008-03-23 13:07 . 2008-03-23 13:07 <DIR> d-------- C:\Program Files\UndeletePlus
2008-03-21 22:09 . 2008-03-21 22:12 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-21 17:49 . 2008-03-21 17:50 <DIR> d-------- C:\Program Files\FLVPlayer
2008-03-21 16:18 . 2008-03-22 01:00 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Program Files\Eltima Software
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Eltima Software
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Eltima Software
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Eltima Software
2008-03-20 22:25 . 2008-03-20 22:26 <DIR> d-------- C:\Program Files\eMule
2008-03-17 17:51 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus Ultra
2008-03-17 17:51 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus Ultra
2008-03-17 17:51 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus Ultra
2008-03-17 17:51 . 2008-03-17 17:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus
2008-03-17 17:51 . 2008-03-17 17:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus
2008-03-17 17:51 . 2008-03-17 17:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus
2008-03-17 17:50 . 2008-03-20 22:41 <DIR> d-------- C:\Program Files\Morpheus Ultra
2008-03-17 17:50 . 2008-03-17 17:50 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-03-17 17:50 . 2008-03-17 17:50 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nokia Multimedia Player
2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nokia Multimedia Player
2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nokia Multimedia Player
2008-03-14 02:01 . 2001-09-05 09:55 14,940 -ra------ C:\WINDOWS\system32\drivers\Epiusb.sys
2008-03-14 01:57 . 2008-03-14 01:57 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Sony Ericsson
2008-03-14 01:57 . 2008-03-14 01:57 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Sony Ericsson
2008-03-14 01:57 . 2008-03-14 01:57 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Sony Ericsson
2008-03-14 01:52 . 2008-03-14 01:52 <DIR> d-------- C:\Program Files\Disc2Phone
2008-03-14 01:50 . 2008-03-14 01:50 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-03-14 01:33 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-14 01:33 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Teleca
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Teleca
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Teleca
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Teleca
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2008-03-14 01:28 . 2008-03-14 01:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-14 01:28 . 2008-03-14 01:28 6,176 --a------ C:\WINDOWS\system32\drivers\w900cm.sys
2008-03-14 01:28 . 2008-03-14 01:28 5,808 --a------ C:\WINDOWS\system32\drivers\w900wh.sys
2008-03-14 01:22 . 2008-03-14 01:22 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 20:46 --------- d-----w C:\Program Files\Java
2008-04-08 20:40 --------- d-----w C:\Program Files\FlashGet
2008-04-08 12:16 --------- d-----w C:\Program Files\ESET
2008-04-05 21:37 --------- d-----w C:\Program Files\Teamspeak2
2008-04-04 19:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\MyPhoneExplorer
2008-04-04 19:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\MyPhoneExplorer
2008-04-04 19:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\MyPhoneExplorer
2008-04-04 11:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 23:05 --------- d-----w C:\Program Files\QIP Infium
2008-03-20 21:04 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\FreeCall
2008-03-20 21:04 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\FreeCall
2008-03-20 21:04 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\FreeCall
2008-03-20 20:39 --------- d-----w C:\Program Files\LimeWire
2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\LimeWire
2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\LimeWire
2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\LimeWire
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 16:04 --------- d-----w C:\Program Files\FreeCall
2008-03-07 02:11 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-07 02:11 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-05 11:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ATI
2008-03-05 11:47 --------- d-----w C:\Program Files\ATI Technologies
2008-03-03 10:58 --------- d-----w C:\Program Files\Business Objects
2008-03-03 10:56 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-03 10:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-03 10:45 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-03-03 10:45 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-03-03 10:44 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-03-03 10:44 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 10:42 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-03 10:38 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-03 10:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PreEmptive Solutions
2008-03-03 10:35 --------- d-----w C:\Program Files\MSBuild
2008-03-03 10:35 --------- d-----w C:\Program Files\HTML Help Workshop
2008-03-03 10:33 --------- d-----w C:\Program Files\Microsoft SDKs
2008-03-03 10:33 --------- d-----w C:\Program Files\CE Remote Tools
2008-03-03 10:28 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-03-03 10:26 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-03 10:23 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-02 00:24 --------- d-----w C:\Program Files\Defrag Professional
2008-03-01 19:08 --------- d-----w C:\Program Files\Scorpions WinCheater
2008-03-01 17:37 --------- d-----w C:\Program Files\DesetiPrsty
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 20:59 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-02-29 20:09 --------- d-----w C:\Program Files\Pcsx2
2008-02-29 16:12 --------- d-----w C:\Program Files\Half-Life Model Viewer
2008-02-27 04:19 --------- d-----w C:\Program Files\SpeedFan
2008-02-27 03:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\teamspeak2
2008-02-27 03:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\teamspeak2
2008-02-27 03:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\teamspeak2
2008-02-26 17:48 --------- d-----w C:\Program Files\WORDreader 3
2008-02-26 15:05 --------- d-----w C:\Program Files\Realtek AC97
2008-02-26 13:17 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\PC Suite
2008-02-26 13:17 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\PC Suite
2008-02-26 13:17 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\PC Suite
2008-02-26 13:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-02-26 13:15 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-26 13:15 --------- d-----w C:\Program Files\Nokia
2008-02-26 13:15 --------- d-----w C:\Program Files\DIFX
2008-02-26 13:15 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-26 13:15 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-26 13:15 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\Nokia
2008-02-26 13:15 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\Nokia
2008-02-26 13:15 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\Nokia
2008-02-26 13:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-02-24 14:36 --------- d-----w C:\Program Files\directx
2008-02-23 21:05 --------- d-----w C:\Program Files\ATITool
2008-02-23 15:51 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-02-23 11:45 --------- d-----w C:\Program Files\AMX Mod X
2008-02-21 19:15 --------- d-----w C:\Program Files\YAMB
2008-02-21 15:48 --------- d-----w C:\Program Files\3GP Video Converter
2008-02-20 22:45 --------- d-----w C:\Program Files\The KMPlayer
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 07:38 --------- d-----w C:\Program Files\Rapidown
2008-02-18 18:43 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-12 17:45 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-02-11 16:17 --------- d-----w C:\Program Files\DVD Shrink
2008-02-10 22:14 --------- d-----w C:\Program Files\totalcmd
2008-02-09 11:32 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\CyberLink
2008-02-09 11:32 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\CyberLink
2008-02-09 11:32 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\CyberLink
2008-02-09 11:30 --------- d-----w C:\Program Files\CyberLink
2008-02-09 11:30 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-01-31 23:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-28 18:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-01-28 17:49 8 ----a-w C:\DFIMB.DAT
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-08_22.15.51.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-07 02:14:03 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:57:09 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:14:03 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:14:03 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:14:03 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 10:59:14 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:14:03 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:14:03 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:14:03 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:14:03 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:14:04 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:14:04 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:14:05 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 10:59:36 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:14:05 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:14:05 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:14:05 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:14:08 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:14:06 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:14:06 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:14:07 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:14:07 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:40:39 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:07:37 215,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:08:50 379,616 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:14:07 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:14:07 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:14:07 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:14:07 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-04-08 21:52:49 9,662 ----a-r C:\WINDOWS\Installer\{6D316D67-DA52-4659-9C98-F479963534D6}\ARPPRODUCTICON.exe
+ 2008-04-08 21:52:50 49,152 ----a-r C:\WINDOWS\Installer\{6D316D67-DA52-4659-9C98-F479963534D6}\Launcher.exe_69D2C17280E04638BCEB0788C0D6E2D6.exe
+ 2008-04-08 21:52:50 49,152 ----a-r C:\WINDOWS\Installer\{6D316D67-DA52-4659-9C98-F479963534D6}\Launcher.exe1_E3D9BF331B294900B5782049E8B5ABC9.exe
- 2007-12-07 02:14:03 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:02:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:14:03 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:02:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:45:40 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:38:19 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-17 13:49:06 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:38:19 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 22:57:09 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:02:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:14:03 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:02:06 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:14:03 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:02:06 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:32:51 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:37 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:14:03 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:02:06 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 10:59:14 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:53:54 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:14:03 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:02:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:14:03 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:02:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:14:03 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:02:06 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:14:03 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:02:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:14:04 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:02:07 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:14:04 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:02:07 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:14:05 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:02:07 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 10:59:36 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:54:19 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:14:05 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:02:07 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:14:05 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:02:07 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:14:05 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:02:07 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:14:08 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 16:32:10 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:14:06 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:02:08 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:14:06 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:02:08 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:14:07 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:02:09 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:14:07 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:02:09 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:40:39 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:02:09 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:14:07 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:02:09 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:14:07 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:02:09 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:14:07 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:02:09 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 15:36:45 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:09:45 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:14:07 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:02:09 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:45:40 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:38:19 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 22:57:09 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:02:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:14:03 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:02:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:14:03 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:02:06 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-03-03 11:07:37 141,240 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-09 14:05:18 141,240 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:14:03 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:02:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 10:59:14 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:53:54 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:14:03 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:02:06 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:14:03 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:02:06 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:14:03 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:02:06 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:14:03 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:02:07 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:14:04 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:02:07 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:14:04 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:02:07 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:14:05 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:02:07 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-12-07 02:14:05 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:02:07 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:14:05 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:02:07 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:14:05 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:02:07 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:14:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 16:32:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:14:06 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:02:08 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:14:06 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:02:08 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:14:07 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:02:09 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:14:07 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:02:09 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:40:39 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:02:09 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:14:07 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:02:09 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:14:07 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:02:09 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:14:07 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:02:09 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EEAFC20-7E62-4B17-98EF-69F7BF62622A}]
2008-04-07 02:40 268288 --a------ C:\WINDOWS\system32\pmnnnMef.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"Steam"="d:\windows\hry\steam\steam.exe" [2008-04-06 00:33 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 11:14 163840]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-28 20:11 949376]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Ad-Watch"="C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-24 09:22 2476408]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\hl.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\cstrike.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\hlds.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FreeCall\\FreeCall.exe"=
"D:\\xampp\\apache\\bin\\apache.exe"=
"D:\\xampp\\MercuryMail\\mercury.exe"=
"C:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"C:\\Program Files\\Morpheus Ultra\\Softwrap Loader.exe"=
"D:\\Windows\\Hry\\Snowboarding\\Supreme.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Teamspeak2 server\\server_windows.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\ricochet\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\condition zero\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\counter-strike\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\deathmatch classic\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\day of defeat\\hl.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 12:11]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-14 01:22]
R2 Apache2.2;Apache2.2;"D:\xampp\apache\bin\apache.exe" -k runservice []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 w900bus;Sony Ericsson 900i driver (WDM);C:\WINDOWS\system32\DRIVERS\w900bus.sys [2005-09-27 11:34]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w900mdfl.sys [2005-09-27 11:34]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w900mdm.sys [2005-09-27 11:34]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w900mgmt.sys [2005-09-27 11:34]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w900obex.sys [2005-09-27 11:34]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"D:\Windows\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5ddc64-cdc6-11dc-b46b-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 16:12:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [2640]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-09 16:12:47
ComboFix-quarantined-files.txt 2008-04-09 14:12:39
ComboFix2.txt 2008-04-08 20:16:04
Directories: 12, Free bytes: 55,915,134,976
Directories: 15, Free bytes: 55,902,498,816
.
2008-04-09 13:59:30 --- E O F ---

paul27
Level 4.5
Posts: 1700
Registered: June 2007
Gender: Male
Status: Offline

Re: winlogon.exe + isass.exe :(

Post by paul27 » 09 Apr 2008 16:42

Please try it once more, with this script:

Code:

Driver::
oreans32

File::
C:\glglg
C:\WINDOWS\system32\pmnnnMef.dll
C:\WINDOWS\system32\drivers\oreans32.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EEAFC20-7E62-4B17-98EF-69F7BF62622A}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5ddc64-cdc6-11dc-b46b-806d
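As an added example, not code from this thread, from ComboFix or from its authors: a small Python triage script that reads the Reg Loading Points, driver and catchme sections of a ComboFix log like the one posted above and flags the same items paul27's CFScript targets. The heuristics are assumptions of this example, not ComboFix features: an 8-letter mixed-case DLL name behind a Browser Helper Object (the Vundo/Virtumonde pattern seen in pmnnnMef.dll and geBuVPGY.dll), a kernel driver whose description is just its own name or whose file is dated inside the "Files Created" window, any cached MountPoints2 AutoRun command, a newly created service, and a PID that catchme could not resolve. SAMPLE_LOG is abridged from the log in this thread.

```python
import re
from dataclasses import dataclass

# Excerpt of the ComboFix log posted earlier in this thread, abridged to the
# lines the heuristics below look at. Paths, GUIDs and dates are as printed there.
SAMPLE_LOG = r'''
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EEAFC20-7E62-4B17-98EF-69F7BF62622A}]
2008-04-07 02:40 268288 --a------ C:\WINDOWS\system32\pmnnnMef.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-28 20:11 949376]

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 12:11]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-14 01:22]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5ddc64-cdc6-11dc-b46b-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER

scanning hidden processes ...

? [2640]
'''

# Line shapes as ComboFix prints them (regexes are this example's own assumptions).
WINDOW = re.compile(r'Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})')
BHO_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{([0-9A-Fa-f-]+)\}\]$')
WIN_PATH = re.compile(r'([A-Za-z]:\\[^\s"\[\]]+)')
SERVICE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(?:(\d{4}-\d{2}-\d{2}) \d{2}:\d{2})?\]$')
AUTORUN = re.compile(r'^\\Shell\\AutoRun\\command - (.+)$')
NEW_SERVICE = re.compile(r'^\*Newly Created Service\* - (.+)$')
HIDDEN_PROC = re.compile(r'^\? \[(\d+)\]$')


@dataclass
class Finding:
    kind: str      # bho / driver / autorun / service / hidden-process
    target: str    # file path, command or PID
    reason: str    # why the heuristic fired


def looks_random(filename: str) -> bool:
    """Vundo-style names (pmnnnMef.dll, geBuVPGY.dll): exactly eight letters,
    with upper case showing up after the first character. Heuristic only."""
    stem = filename.rsplit('.', 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    return any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem)


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    window = None                       # (from, to) dates of the "Files Created" section
    lines = [l.rstrip() for l in log.splitlines()]
    for i, line in enumerate(lines):
        if m := WINDOW.search(line):
            window = (m.group(1), m.group(2))
        elif (m := BHO_KEY.match(line)) and i + 1 < len(lines):
            # The DLL the BHO loads is printed on the line after the key.
            p = WIN_PATH.search(lines[i + 1])
            if p and looks_random(p.group(1).rsplit('\\', 1)[-1]):
                findings.append(Finding('bho', p.group(1),
                    f'BHO {{{m.group(1)}}} loads a DLL with a random-looking 8-letter name'))
        elif m := SERVICE.match(line):
            _state, start, name, desc, path, created = m.groups()
            if not path.lower().endswith('.sys'):
                continue                # only kernel drivers are judged here
            reasons = []
            if desc.strip().lower() == name.strip().lower():
                reasons.append('no vendor description, only the service name')
            if window and created and window[0] <= created <= window[1]:
                reasons.append(f'driver file dated {created}, inside the scan window')
            if reasons:
                findings.append(Finding('driver', path, f'start type {start}; ' + '; '.join(reasons)))
        elif m := AUTORUN.match(line):
            findings.append(Finding('autorun', m.group(1),
                'MountPoints2 caches the autorun.inf handler of a volume; it runs when the volume is opened'))
        elif m := NEW_SERVICE.match(line):
            findings.append(Finding('service', m.group(1),
                'service created since the previous run; confirm it belongs to a tool you installed'))
        elif m := HIDDEN_PROC.match(line):
            findings.append(Finding('hidden-process', m.group(1),
                'catchme could not resolve this PID to an image name'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:15} {f.target}\n{"":15} {f.reason}')
```

Run as-is it reports the five items from the excerpt; for a real log use triage(open(path, encoding='cp1250', errors='replace').read()). Flagged items are candidates for a look, not proof of infection: the MountPoints2 entry is whatever autorun.inf the G: volume carried, and a newly created service can be a legitimate tool (here Ad-Watch's own registry filter).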

MatNi
newbie
Posts: 11
Registered: April 2008
Gender: Not specified
Status: Offline

Re: winlogon.exe + isass.exe :(

Post by MatNi » 09 Apr 2008 17:45

I humbly report:

ComboFix 08-04-08.4 - Všichni 2008-04-09 17:39:19.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.561 [GMT 2:00]
Running from: C:\Documents and Settings\Všichni\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Všichni\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: Windir.dat

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 15:57 . 2008-04-09 15:59 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 22:46 . 2008-04-08 22:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-08 22:46 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-08 21:22 . 2008-04-08 21:22 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-04-08 20:00 . 2008-04-08 21:21 <DIR> d-------- C:\VundoFix Backups
2008-04-07 23:07 . 2008-04-07 23:07 <DIR> d-------- C:\Program Files\Resource Kit
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Ahead
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Ahead
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Ahead
2008-04-07 05:19 . 2008-04-07 05:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Ahead
2008-04-07 05:17 . 2008-04-07 05:17 <DIR> d-------- C:\Program Files\Nero
2008-04-07 05:17 . 2008-04-07 05:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-07 04:33 . 2008-04-07 04:33 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-07 03:30 . 2008-04-07 03:30 <DIR> d-------- C:\Program Files\CCleaner
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nero
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nero
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nero
2008-04-07 02:07 . 2008-04-07 02:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2008-04-05 23:38 . 2008-04-05 23:45 <DIR> d-------- C:\Program Files\Teamspeak2 server
2008-04-05 22:56 . 2008-04-05 23:13 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2008-04-05 22:56 . 2008-04-05 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-04-05 22:55 . 2008-04-05 22:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 15:07 . 2008-04-05 15:07 <DIR> d-------- C:\Program Files\MonInfo
2008-04-05 02:24 . 2008-04-05 02:24 0 --a------ C:\WINDOWS\mpegableX4live.INI
2008-04-05 01:41 . 2008-04-05 01:41 <DIR> d-------- C:\Program Files\mpegable
2008-04-05 01:41 . 2008-04-05 01:41 47,104 --------- C:\WINDOWS\AKDeInstall.exe
2008-04-05 01:21 . 2008-04-05 01:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 01:21 . 2008-04-05 01:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 13:43 . 2008-04-04 13:43 <DIR> dr------- C:\Documents and Settings\LocalService\Oblíbené položky
2008-04-04 13:43 . 2008-04-04 13:43 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Talkback
2008-04-04 13:06 . 2008-04-04 13:36 <DIR> d-------- C:\Documents and Settings\Všichni\JScreenFix
2008-04-04 13:06 . 2008-04-04 13:36 <DIR> d-------- C:\Documents and Settings\Všichni\JScreenFix
2008-03-26 01:00 . 2008-03-26 01:01 2,969,128 --a------ C:\glglg
2008-03-26 00:56 . 2008-03-26 00:57 1,760,769 --a------ C:\Prison Break 2x21.mpg.idx
2008-03-25 23:42 . 2008-03-26 00:16 1,698,285,568 --a------ C:\Prison Break 2x21.mpg
2008-03-25 23:28 . 2008-03-26 02:57 1,140,767,730 --a------ C:\Prison Break 2x21.avi
2008-03-25 23:15 . 2008-03-26 00:58 <DIR> d-------- C:\Program Files\Avidemux 2.4
2008-03-25 22:57 . 2008-03-26 00:58 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\gtk-2.0
2008-03-25 22:57 . 2008-03-26 00:58 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\gtk-2.0
2008-03-25 22:57 . 2008-03-26 00:58 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\gtk-2.0
2008-03-25 22:51 . 2008-03-25 22:59 <DIR> d-------- C:\Documents and Settings\Všichni\avidemux
2008-03-25 22:51 . 2008-03-25 22:59 <DIR> d-------- C:\Documents and Settings\Všichni\avidemux
2008-03-25 22:48 . 2008-03-25 22:48 <DIR> d-------- C:\Program Files\PSPad
2008-03-25 20:03 . 2008-03-25 20:03 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\skypePM
2008-03-25 20:03 . 2008-03-25 20:03 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\skypePM
2008-03-25 20:03 . 2008-03-25 20:03 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\skypePM
2008-03-25 20:03 . 2008-03-25 20:03 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Program Files\Skype
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-25 20:02 . 2008-03-25 23:02 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Skype
2008-03-25 20:02 . 2008-03-25 23:02 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Skype
2008-03-25 20:02 . 2008-03-25 23:02 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Skype
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-25 19:27 . 2004-08-17 15:49 460,800 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-03-25 19:26 . 2004-08-17 15:49 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-25 19:25 . 2008-03-25 19:50 <DIR> d-------- C:\Inetpub
2008-03-25 00:34 . 2008-03-25 00:34 <DIR> d-------- C:\Program Files\FreeRAM XP Pro
2008-03-23 13:07 . 2008-03-23 13:07 <DIR> d-------- C:\Program Files\UndeletePlus
2008-03-21 22:09 . 2008-03-21 22:12 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-21 17:49 . 2008-03-21 17:50 <DIR> d-------- C:\Program Files\FLVPlayer
2008-03-21 16:18 . 2008-03-22 01:00 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Program Files\Eltima Software
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Eltima Software
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Eltima Software
2008-03-20 22:54 . 2008-03-20 22:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Eltima Software
2008-03-20 22:25 . 2008-03-20 22:26 <DIR> d-------- C:\Program Files\eMule
2008-03-17 17:51 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus Ultra
2008-03-17 17:51 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus Ultra
2008-03-17 17:51 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus Ultra
2008-03-17 17:51 . 2008-03-17 17:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus
2008-03-17 17:51 . 2008-03-17 17:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus
2008-03-17 17:51 . 2008-03-17 17:54 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Morpheus
2008-03-17 17:50 . 2008-03-20 22:41 <DIR> d-------- C:\Program Files\Morpheus Ultra
2008-03-17 17:50 . 2008-03-17 17:50 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-03-17 17:50 . 2008-03-17 17:50 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nokia Multimedia Player
2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nokia Multimedia Player
2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Nokia Multimedia Player
2008-03-14 02:01 . 2001-09-05 09:55 14,940 -ra------ C:\WINDOWS\system32\drivers\Epiusb.sys
2008-03-14 01:57 . 2008-03-14 01:57 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Sony Ericsson
2008-03-14 01:57 . 2008-03-14 01:57 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Sony Ericsson
2008-03-14 01:57 . 2008-03-14 01:57 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Sony Ericsson
2008-03-14 01:52 . 2008-03-14 01:52 <DIR> d-------- C:\Program Files\Disc2Phone
2008-03-14 01:50 . 2008-03-14 01:50 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-03-14 01:33 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-14 01:33 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Teleca
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Teleca
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\Všichni\Data aplikací\Teleca
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Teleca
2008-03-14 01:31 . 2008-03-14 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2008-03-14 01:28 . 2008-03-14 01:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-14 01:28 . 2008-03-14 01:28 6,176 --a------ C:\WINDOWS\system32\drivers\w900cm.sys
2008-03-14 01:28 . 2008-03-14 01:28 5,808 --a------ C:\WINDOWS\system32\drivers\w900wh.sys
2008-03-14 01:22 . 2008-03-14 01:22 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 20:46 --------- d-----w C:\Program Files\Java
2008-04-08 20:40 --------- d-----w C:\Program Files\FlashGet
2008-04-08 12:16 --------- d-----w C:\Program Files\ESET
2008-04-05 21:37 --------- d-----w C:\Program Files\Teamspeak2
2008-04-04 19:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\MyPhoneExplorer
2008-04-04 19:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\MyPhoneExplorer
2008-04-04 19:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\MyPhoneExplorer
2008-04-04 11:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 23:05 --------- d-----w C:\Program Files\QIP Infium
2008-03-20 21:04 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\FreeCall
2008-03-20 21:04 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\FreeCall
2008-03-20 21:04 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\FreeCall
2008-03-20 20:39 --------- d-----w C:\Program Files\LimeWire
2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\LimeWire
2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\LimeWire
2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\LimeWire
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 16:04 --------- d-----w C:\Program Files\FreeCall
2008-03-07 02:11 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-07 02:11 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-05 11:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ATI
2008-03-05 11:47 --------- d-----w C:\Program Files\ATI Technologies
2008-03-03 10:58 --------- d-----w C:\Program Files\Business Objects
2008-03-03 10:56 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-03 10:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-03 10:45 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-03-03 10:45 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-03-03 10:44 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-03-03 10:44 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 10:42 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-03 10:38 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-03 10:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PreEmptive Solutions
2008-03-03 10:35 --------- d-----w C:\Program Files\MSBuild
2008-03-03 10:35 --------- d-----w C:\Program Files\HTML Help Workshop
2008-03-03 10:33 --------- d-----w C:\Program Files\Microsoft SDKs
2008-03-03 10:33 --------- d-----w C:\Program Files\CE Remote Tools
2008-03-03 10:28 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-03-03 10:26 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-03 10:23 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-02 00:24 --------- d-----w C:\Program Files\Defrag Professional
2008-03-01 19:08 --------- d-----w C:\Program Files\Scorpions WinCheater
2008-03-01 17:37 --------- d-----w C:\Program Files\DesetiPrsty
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 20:59 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-02-29 20:09 --------- d-----w C:\Program Files\Pcsx2
2008-02-29 16:12 --------- d-----w C:\Program Files\Half-Life Model Viewer
2008-02-27 04:19 --------- d-----w C:\Program Files\SpeedFan
2008-02-27 03:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\teamspeak2
2008-02-27 03:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\teamspeak2
2008-02-27 03:44 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\teamspeak2
2008-02-26 17:48 --------- d-----w C:\Program Files\WORDreader 3
2008-02-26 15:05 --------- d-----w C:\Program Files\Realtek AC97
2008-02-26 13:17 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\PC Suite
2008-02-26 13:17 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\PC Suite
2008-02-26 13:17 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\PC Suite
2008-02-26 13:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-02-26 13:15 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-26 13:15 --------- d-----w C:\Program Files\Nokia
2008-02-26 13:15 --------- d-----w C:\Program Files\DIFX
2008-02-26 13:15 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-26 13:15 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-26 13:15 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\Nokia
2008-02-26 13:15 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\Nokia
2008-02-26 13:15 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\Nokia
2008-02-26 13:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-02-24 14:36 --------- d-----w C:\Program Files\directx
2008-02-23 21:05 --------- d-----w C:\Program Files\ATITool
2008-02-23 15:51 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-02-23 11:45 --------- d-----w C:\Program Files\AMX Mod X
2008-02-21 19:15 --------- d-----w C:\Program Files\YAMB
2008-02-21 15:48 --------- d-----w C:\Program Files\3GP Video Converter
2008-02-20 22:45 --------- d-----w C:\Program Files\The KMPlayer
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 07:38 --------- d-----w C:\Program Files\Rapidown
2008-02-18 18:43 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-12 17:45 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-02-11 16:17 --------- d-----w C:\Program Files\DVD Shrink
2008-02-10 22:14 --------- d-----w C:\Program Files\totalcmd
2008-02-09 11:32 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\CyberLink
2008-02-09 11:32 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\CyberLink
2008-02-09 11:32 --------- d-----w C:\Documents and Settings\Všichni\Data aplikací\CyberLink
2008-02-09 11:30 --------- d-----w C:\Program Files\CyberLink
2008-02-09 11:30 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-01-31 23:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-28 18:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-01-28 17:49 8 ----a-w C:\DFIMB.DAT
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EEAFC20-7E62-4B17-98EF-69F7BF62622A}]
C:\WINDOWS\system32\pmnnnMef.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"Steam"="d:\windows\hry\steam\steam.exe" [2008-04-06 00:33 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 11:14 163840]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-28 20:11 949376]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Ad-Watch"="C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-24 09:22 2476408]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\hl.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\cstrike.exe"=
"D:\\Windows\\Hry\\Counter Strike 1.6\\hlds.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FreeCall\\FreeCall.exe"=
"D:\\xampp\\apache\\bin\\apache.exe"=
"D:\\xampp\\MercuryMail\\mercury.exe"=
"C:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"C:\\Program Files\\Morpheus Ultra\\Softwrap Loader.exe"=
"D:\\Windows\\Hry\\Snowboarding\\Supreme.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Teamspeak2 server\\server_windows.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\ricochet\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\condition zero\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\counter-strike\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\deathmatch classic\\hl.exe"=
"D:\\Windows\\Hry\\Steam\\steamapps\\ivikovy\\day of defeat\\hl.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 12:11]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-14 01:22]
R2 Apache2.2;Apache2.2;"D:\xampp\apache\bin\apache.exe" -k runservice []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 w900bus;Sony Ericsson 900i driver (WDM);C:\WINDOWS\system32\DRIVERS\w900bus.sys [2005-09-27 11:34]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w900mdfl.sys [2005-09-27 11:34]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w900mdm.sys [2005-09-27 11:34]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w900mgmt.sys [2005-09-27 11:34]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w900obex.sys [2005-09-27 11:34]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"D:\Windows\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5ddc64-cdc6-11dc-b46b-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 17:41:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-09 17:41:52
ComboFix-quarantined-files.txt 2008-04-09 15:41:44
ComboFix2.txt 2008-04-09 14:12:49
ComboFix3.txt 2008-04-08 20:16:04
Adresářů: 12, Volných bajtů: 55,873,957,888
Adresářů: 15, Volných bajtů: 55,863,136,256
.
2008-04-09 13:59:30 --- E O F ---

paul27
Level 4.5
Posts: 1700
Registered: June 07
Gender: Male
Status:
Offline

Re: winlogon.exe + isass.exe :(

Post by paul27 » 09 Apr 2008 19:58

Right now it is beyond my understanding why CF won't delete it, so let's do it another way.

Download Avenger - click the internet icon (Load script from internet URL) - enter this address in the box:

Code:

http://avenger-script.wz.cz/script_4.txt


- click OK - click Execute - confirm any warnings that appear - after the restart a log will come up; copy it here.

