Mám problém. Do počítače se mi dostal pěknej šmejd. Počítač je moc pomalý a třeba nejde vyhledávat přes google i seznam. Spyware Terminator blokuje 2 procesy "Explorer.exe" a runddl32.exe
Nevím jak na to, zde je HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:16, on 25.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [] Rundll32.exe "C:\WINDOWS\system32\ikrmxgus.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2675817452
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 8442 bytes
Kontrola logu.
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu.
Před použitím ComboFix vypni rezidentní štít ve Spyware Terminátoru:
Spusť Spywater Terminátora, nahoře klikni na ikonu Rezidentní štít
- program se přepne do okna Natavení rezidentního štítu
- tam na záložce Nastavení štítu zruš zatržení u položky: Aktivovat Rezidentní štít
- klikni dole na tlačítko: Uložit změny
- zavři program
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Spusť Spywater Terminátora, nahoře klikni na ikonu Rezidentní štít
- program se přepne do okna Natavení rezidentního štítu
- tam na záložce Nastavení štítu zruš zatržení u položky: Aktivovat Rezidentní štít
- klikni dole na tlačítko: Uložit změny
- zavři program
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Kontrola logu.
ComboFix 08-04-24.1 - Jindra 2008-04-25 20:03:33.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1451 [GMT 2:00]
Running from: C:\Downloads\Software\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AyxHQXyb.ini
C:\WINDOWS\system32\AyxHQXyb.ini2
C:\WINDOWS\system32\cbXQghHY.dll
C:\WINDOWS\system32\CcIllnnn.ini
C:\WINDOWS\system32\CcIllnnn.ini2
C:\WINDOWS\system32\khfDtQIB.dll
C:\WINDOWS\system32\opnonmMf.dll
C:\WINDOWS\system32\wvUoLbAr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.
2008-04-25 19:39 . 2008-02-10 22:10 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-04-25 19:39 . 2008-04-25 19:39 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-25 19:39 . 2008-04-25 20:03 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-04-25 18:59 . 2008-04-25 19:56 384 --a------ C:\WINDOWS\wininit.ini
2008-04-25 18:35 . 2008-04-25 18:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-25 18:34 . 2008-04-25 18:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 18:27 . 2008-04-25 18:27 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-25 18:12 . 2008-04-25 18:20 1,505,437 --ahs---- C:\WINDOWS\system32\trmpulkb.ini
2008-04-25 16:46 . 2008-04-25 18:04 1,503,388 --ahs---- C:\WINDOWS\system32\tkqpsbgl.ini
2008-04-25 16:44 . 2008-04-25 19:01 109,789 --a------ C:\WINDOWS\BM173bf689.xml
2008-04-25 00:25 . 2008-04-25 00:25 <DIR> d-------- C:\Program Files\Lonely Cat Games
2008-04-24 13:53 . 2006-04-29 14:25 40,960 --a------ C:\WINDOWS\system32\psfind.dll
2008-04-22 06:51 . 2008-04-23 07:10 <DIR> d-------- C:\Program Files\Tom Clancy's Rainbow Six Vegas
2008-04-21 21:34 . 2008-04-21 21:34 <DIR> d-------- C:\Program Files\Techland
2008-04-20 23:19 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-20 23:19 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-04-20 23:19 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-04-20 23:19 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-04-20 23:19 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-04-20 23:19 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-04-20 20:32 . 2008-04-20 20:32 203 --a------ C:\WINDOWS\GSdx9 sse2.INI
2008-04-20 20:31 . 2008-04-20 22:53 <DIR> d-------- C:\Program Files\Pcsx2
2008-04-12 11:04 . 2008-04-12 11:04 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-04-11 06:59 . 2008-04-11 06:59 <DIR> d-------- C:\Program Files\7-Zip
2008-04-08 19:08 . 2008-04-08 19:09 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-08 17:03 . 2008-04-08 17:03 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-04-08 16:57 . 2008-04-08 16:57 <DIR> d-------- C:\Documents and Settings\Jindra\.smplayer
2008-04-08 16:48 . 2008-04-08 16:48 <DIR> d-------- C:\Program Files\GRETECH
2008-04-07 06:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-07 06:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-07 06:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-06 15:40 . 2008-04-06 15:40 <DIR> d-------- C:\Program Files\QIP Infium
2008-04-06 15:34 . 2008-04-06 15:34 <DIR> d-------- C:\Documents and Settings\Jindra\Contacts
2008-04-06 15:28 . 2008-04-06 15:31 <DIR> d-------- C:\Program Files\Windows Live
2008-04-06 15:28 . 2008-04-06 15:31 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 19:39 . 2008-04-04 19:51 164 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-04 19:38 . 2008-04-04 19:38 <DIR> d-------- C:\totalcmd
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\UC.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-04 19:38 . 2008-04-04 19:52 436 --a------ C:\WINDOWS\wincmd.ini
2008-04-02 20:30 . 2008-04-02 20:30 <DIR> d-------- C:\Program Files\ZOO Digital Publishing
2008-03-31 16:18 . 2008-03-31 16:18 <DIR> d-------- C:\Program Files\Symbian OS Tools
2008-03-31 16:18 . 2008-03-31 16:18 <DIR> d-------- C:\Program Files\Common Files\Symbian
2008-03-30 16:54 . 2008-03-30 16:54 <DIR> d-------- C:\Scenario
2008-03-29 21:57 . 2008-03-29 21:58 <DIR> d-------- C:\WINDOWS\uninstall\Ultimate fight
2008-03-29 21:57 . 2008-03-29 21:57 <DIR> d-------- C:\WINDOWS\uninstall
2008-03-29 20:48 . 2008-03-29 20:48 <DIR> d-------- C:\Program Files\Phoenix Crew
2008-03-26 20:24 . 2008-03-26 20:24 <DIR> d-------- C:\Program Files\Game_Maker6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 16:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 14:44 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-24 11:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 11:39 --------- d-----w C:\Program Files\THQ
2008-04-23 15:02 --------- d-----w C:\Program Files\Electronic Arts
2008-04-22 04:54 --------- d-----w C:\Program Files\FlashFXP
2008-04-20 18:29 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-04-14 14:36 --------- d-----w C:\Program Files\Syncrosoft
2008-04-09 17:29 --------- d-----w C:\Program Files\Activision
2008-04-08 17:08 --------- d-----w C:\Program Files\Nero
2008-04-08 14:54 --------- d-----w C:\Program Files\Game_Maker7
2008-04-08 13:12 --------- d-----w C:\Program Files\FreeCommander
2008-04-06 15:57 --------- d-----w C:\Program Files\VstPlugIns
2008-03-30 16:13 --------- d-----w C:\Program Files\Rockstar Games
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-22 18:35 --------- d-----w C:\Program Files\Final Fantasy VII
2008-03-22 17:39 --------- d-----w C:\Program Files\Jubler
2008-03-21 21:15 --------- d-----w C:\Program Files\Battle Realms
2008-03-21 16:54 --------- d-----w C:\Program Files\Last.fm
2008-03-21 16:54 --------- d-----w C:\Program Files\iTunes
2008-03-20 18:19 --------- d--h--w C:\Program Files\Zero G Registry
2008-03-20 18:18 --------- d-----w C:\Program Files\Series_60_Theme_Studio
2008-03-20 07:13 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-03-19 22:20 --------- d-----w C:\Program Files\UltraISO
2008-03-19 22:20 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-03-19 06:04 --------- d-----w C:\Program Files\VirtualDub
2008-03-19 05:54 --------- d-----w C:\Program Files\Diablo II
2008-03-19 05:47 --------- d-----w C:\Program Files\Xvid CZ
2008-03-18 21:14 --------- d-----w C:\Program Files\MediaCoder
2008-03-13 23:02 --------- d-----w C:\Program Files\VideoLAN
2008-03-12 16:37 --------- d-----w C:\Program Files\Real Alternative
2008-03-12 16:37 --------- d-----w C:\Program Files\Real
2008-03-12 16:37 --------- d-----w C:\Program Files\Common Files\Real
2008-03-11 00:06 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-10 23:56 --------- d-----w C:\Program Files\ShrinkTo5
2008-03-10 23:53 --------- d-----w C:\Program Files\Burn4Free
2008-03-10 22:30 229,727 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_3375.exe
2008-03-10 22:30 --------- d-----w C:\Program Files\Burn4Free Toolbar
2008-03-09 21:58 --------- d-----w C:\Program Files\Java
2008-03-09 21:57 --------- d-----w C:\Program Files\Common Files\Java
2008-03-09 18:24 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2008-03-09 09:08 --------- d-----w C:\Program Files\Ubisoft
2008-03-09 07:51 --------- d-----w C:\Program Files\EA GAMES
2008-03-06 23:33 --------- d-----w C:\Program Files\MegauploadToolbar
2008-03-05 19:23 --------- d-----w C:\Program Files\Nokia
2008-03-05 19:21 --------- d-----w C:\Program Files\DIFX
2008-03-05 19:21 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-03-05 19:21 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-04 17:08 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-03 22:49 --------- d-----w C:\Program Files\Sjboy Emulator
2008-03-02 20:08 --------- d-----w C:\Program Files\Total PDF Converter
2008-03-02 15:56 --------- d-----w C:\Program Files\Wizards of the Coast
2008-02-29 17:36 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-29 05:30 --------- d-----w C:\Program Files\Aspyr
2008-02-26 23:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-26 22:59 --------- d-----w C:\Program Files\Microsoft Games
2008-02-26 19:11 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-25 18:35 --------- d-----w C:\Program Files\Steinberg
2008-02-10 22:23 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-10 21:37 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-10 21:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FB917D6-C522-4A50-A57F-F14E61174504}]
C:\WINDOWS\system32\nnnllIcC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6155F495-5D28-4611-B1B5-97EC7D95398C}]
C:\WINDOWS\system32\byXQHxyA.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-01-21 17:15 2449455]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 10:45 1826816 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-04 19:08 2957824]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"BM173bf689"="C:\WINDOWS\system32\jlqwbjwe.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQghHY]
cbXQghHY.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.xvid"= xvid.dll
"vidc.tm2x"= TM2X.dll TrueMotion® 2X VFW Codec
"vidc.tm2a"= TM2A.dll TrueMotion® 2X Archiver
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"C:\\Documents and Settings\\Jindra\\Plocha\\vbalink173_cz\\VisualBoyAdvance.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-04 19:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-11 00:23]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 20:09:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-25 20:14:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 18:14:19
Adresářů: 19, Volných bajtů: 6,847,049,728
Adres ý…: 21, Volněch bajt…: 7,060,848,640
253 --- E O F --- 2008-04-10 01:02:36
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1451 [GMT 2:00]
Running from: C:\Downloads\Software\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AyxHQXyb.ini
C:\WINDOWS\system32\AyxHQXyb.ini2
C:\WINDOWS\system32\cbXQghHY.dll
C:\WINDOWS\system32\CcIllnnn.ini
C:\WINDOWS\system32\CcIllnnn.ini2
C:\WINDOWS\system32\khfDtQIB.dll
C:\WINDOWS\system32\opnonmMf.dll
C:\WINDOWS\system32\wvUoLbAr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.
2008-04-25 19:39 . 2008-02-10 22:10 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-04-25 19:39 . 2008-02-10 23:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-04-25 19:39 . 2008-04-25 19:39 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-25 19:39 . 2008-04-25 20:03 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-04-25 18:59 . 2008-04-25 19:56 384 --a------ C:\WINDOWS\wininit.ini
2008-04-25 18:35 . 2008-04-25 18:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-25 18:34 . 2008-04-25 18:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 18:27 . 2008-04-25 18:27 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-25 18:12 . 2008-04-25 18:20 1,505,437 --ahs---- C:\WINDOWS\system32\trmpulkb.ini
2008-04-25 16:46 . 2008-04-25 18:04 1,503,388 --ahs---- C:\WINDOWS\system32\tkqpsbgl.ini
2008-04-25 16:44 . 2008-04-25 19:01 109,789 --a------ C:\WINDOWS\BM173bf689.xml
2008-04-25 00:25 . 2008-04-25 00:25 <DIR> d-------- C:\Program Files\Lonely Cat Games
2008-04-24 13:53 . 2006-04-29 14:25 40,960 --a------ C:\WINDOWS\system32\psfind.dll
2008-04-22 06:51 . 2008-04-23 07:10 <DIR> d-------- C:\Program Files\Tom Clancy's Rainbow Six Vegas
2008-04-21 21:34 . 2008-04-21 21:34 <DIR> d-------- C:\Program Files\Techland
2008-04-20 23:19 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-20 23:19 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-04-20 23:19 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-04-20 23:19 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-04-20 23:19 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-04-20 23:19 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-04-20 20:32 . 2008-04-20 20:32 203 --a------ C:\WINDOWS\GSdx9 sse2.INI
2008-04-20 20:31 . 2008-04-20 22:53 <DIR> d-------- C:\Program Files\Pcsx2
2008-04-12 11:04 . 2008-04-12 11:04 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-04-11 06:59 . 2008-04-11 06:59 <DIR> d-------- C:\Program Files\7-Zip
2008-04-08 19:08 . 2008-04-08 19:09 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-08 17:03 . 2008-04-08 17:03 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-04-08 16:57 . 2008-04-08 16:57 <DIR> d-------- C:\Documents and Settings\Jindra\.smplayer
2008-04-08 16:48 . 2008-04-08 16:48 <DIR> d-------- C:\Program Files\GRETECH
2008-04-07 06:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-07 06:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-07 06:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-06 15:40 . 2008-04-06 15:40 <DIR> d-------- C:\Program Files\QIP Infium
2008-04-06 15:34 . 2008-04-06 15:34 <DIR> d-------- C:\Documents and Settings\Jindra\Contacts
2008-04-06 15:28 . 2008-04-06 15:31 <DIR> d-------- C:\Program Files\Windows Live
2008-04-06 15:28 . 2008-04-06 15:31 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 19:39 . 2008-04-04 19:51 164 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-04 19:38 . 2008-04-04 19:38 <DIR> d-------- C:\totalcmd
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\UC.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-04 19:38 . 2007-09-06 06:57 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-04 19:38 . 2008-04-04 19:52 436 --a------ C:\WINDOWS\wincmd.ini
2008-04-02 20:30 . 2008-04-02 20:30 <DIR> d-------- C:\Program Files\ZOO Digital Publishing
2008-03-31 16:18 . 2008-03-31 16:18 <DIR> d-------- C:\Program Files\Symbian OS Tools
2008-03-31 16:18 . 2008-03-31 16:18 <DIR> d-------- C:\Program Files\Common Files\Symbian
2008-03-30 16:54 . 2008-03-30 16:54 <DIR> d-------- C:\Scenario
2008-03-29 21:57 . 2008-03-29 21:58 <DIR> d-------- C:\WINDOWS\uninstall\Ultimate fight
2008-03-29 21:57 . 2008-03-29 21:57 <DIR> d-------- C:\WINDOWS\uninstall
2008-03-29 20:48 . 2008-03-29 20:48 <DIR> d-------- C:\Program Files\Phoenix Crew
2008-03-26 20:24 . 2008-03-26 20:24 <DIR> d-------- C:\Program Files\Game_Maker6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 16:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 14:44 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-24 11:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 11:39 --------- d-----w C:\Program Files\THQ
2008-04-23 15:02 --------- d-----w C:\Program Files\Electronic Arts
2008-04-22 04:54 --------- d-----w C:\Program Files\FlashFXP
2008-04-20 18:29 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-04-14 14:36 --------- d-----w C:\Program Files\Syncrosoft
2008-04-09 17:29 --------- d-----w C:\Program Files\Activision
2008-04-08 17:08 --------- d-----w C:\Program Files\Nero
2008-04-08 14:54 --------- d-----w C:\Program Files\Game_Maker7
2008-04-08 13:12 --------- d-----w C:\Program Files\FreeCommander
2008-04-06 15:57 --------- d-----w C:\Program Files\VstPlugIns
2008-03-30 16:13 --------- d-----w C:\Program Files\Rockstar Games
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-22 18:35 --------- d-----w C:\Program Files\Final Fantasy VII
2008-03-22 17:39 --------- d-----w C:\Program Files\Jubler
2008-03-21 21:15 --------- d-----w C:\Program Files\Battle Realms
2008-03-21 16:54 --------- d-----w C:\Program Files\Last.fm
2008-03-21 16:54 --------- d-----w C:\Program Files\iTunes
2008-03-20 18:19 --------- d--h--w C:\Program Files\Zero G Registry
2008-03-20 18:18 --------- d-----w C:\Program Files\Series_60_Theme_Studio
2008-03-20 07:13 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-03-19 22:20 --------- d-----w C:\Program Files\UltraISO
2008-03-19 22:20 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-03-19 06:04 --------- d-----w C:\Program Files\VirtualDub
2008-03-19 05:54 --------- d-----w C:\Program Files\Diablo II
2008-03-19 05:47 --------- d-----w C:\Program Files\Xvid CZ
2008-03-18 21:14 --------- d-----w C:\Program Files\MediaCoder
2008-03-13 23:02 --------- d-----w C:\Program Files\VideoLAN
2008-03-12 16:37 --------- d-----w C:\Program Files\Real Alternative
2008-03-12 16:37 --------- d-----w C:\Program Files\Real
2008-03-12 16:37 --------- d-----w C:\Program Files\Common Files\Real
2008-03-11 00:06 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-10 23:56 --------- d-----w C:\Program Files\ShrinkTo5
2008-03-10 23:53 --------- d-----w C:\Program Files\Burn4Free
2008-03-10 22:30 229,727 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_3375.exe
2008-03-10 22:30 --------- d-----w C:\Program Files\Burn4Free Toolbar
2008-03-09 21:58 --------- d-----w C:\Program Files\Java
2008-03-09 21:57 --------- d-----w C:\Program Files\Common Files\Java
2008-03-09 18:24 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2008-03-09 09:08 --------- d-----w C:\Program Files\Ubisoft
2008-03-09 07:51 --------- d-----w C:\Program Files\EA GAMES
2008-03-06 23:33 --------- d-----w C:\Program Files\MegauploadToolbar
2008-03-05 19:23 --------- d-----w C:\Program Files\Nokia
2008-03-05 19:21 --------- d-----w C:\Program Files\DIFX
2008-03-05 19:21 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-03-05 19:21 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-04 17:08 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-03 22:49 --------- d-----w C:\Program Files\Sjboy Emulator
2008-03-02 20:08 --------- d-----w C:\Program Files\Total PDF Converter
2008-03-02 15:56 --------- d-----w C:\Program Files\Wizards of the Coast
2008-02-29 17:36 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-29 05:30 --------- d-----w C:\Program Files\Aspyr
2008-02-26 23:20 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-26 22:59 --------- d-----w C:\Program Files\Microsoft Games
2008-02-26 19:11 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-25 18:35 --------- d-----w C:\Program Files\Steinberg
2008-02-10 22:23 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-10 21:37 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-10 21:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FB917D6-C522-4A50-A57F-F14E61174504}]
C:\WINDOWS\system32\nnnllIcC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6155F495-5D28-4611-B1B5-97EC7D95398C}]
C:\WINDOWS\system32\byXQHxyA.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-01-21 17:15 2449455]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 10:45 1826816 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-04 19:08 2957824]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"BM173bf689"="C:\WINDOWS\system32\jlqwbjwe.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQghHY]
cbXQghHY.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.xvid"= xvid.dll
"vidc.tm2x"= TM2X.dll TrueMotion® 2X VFW Codec
"vidc.tm2a"= TM2A.dll TrueMotion® 2X Archiver
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"C:\\Documents and Settings\\Jindra\\Plocha\\vbalink173_cz\\VisualBoyAdvance.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-04 19:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-11 00:23]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 20:09:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-25 20:14:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 18:14:19
Adresářů: 19, Volných bajtů: 6,847,049,728
Adres ý…: 21, Volněch bajt…: 7,060,848,640
253 --- E O F --- 2008-04-10 01:02:36
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
C:\WINDOWS\system32\tkqpsbgl.ini
C:\WINDOWS\system32\trmpulkb.ini
C:\WINDOWS\BM173bf689.xml
C:\WINDOWS\system32\nnnllIcC.dll
C:\WINDOWS\system32\byXQHxyA.dll
C:\WINDOWS\system32\jlqwbjwe.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FB917D6-C522-4A50-A57F-F14E61174504}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6155F495-5D28-4611-B1B5-97EC7D95398C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM173bf689"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQghHY]Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Kontrola logu.
Tak tohle me pomohlo chci jen podekovat uz jsem se s tim trapil pekne dlouho 
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 84 hostů