Problem with a flash drive
Re: Problem with a flash drive
Well, unfortunately, even after formatting it's still the same problem :( I have Avast on both PCs, so is the problem in Avast?
- fredik
- Security team member
Re: Problem with a flash drive
Why format straight away?
In which file does Avast report the virus?
Post the CF log here:
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
Then run a scan and post the log from Kaspersky Online Scanner here! (it needs to be run in IE)
- click the Accept button
- you will be prompted to install an ActiveX component from Kaspersky; allow it
- the program downloads the database it needs
- once downloaded, click the option:
Then click the button: Scan Settings
- you will get to the Scan settings window; select the following options there:
Under the item: Scan using the following antivirus database:
- standard - detect viruses, worms, Trojans, rootkits
- Scan Archives - scan files inside archives
- Scan Mail Bases - scan e-mails/attachments inside mail base files
Now, under the item Please select a target to scan, choose the option:
- the system scan starts
- after it completes, a list of what it found is displayed
Click the Save Report As... button
- save it, e.g. to the desktop, and set these parameters:
- File name: enter: Kavlog
- Save as type: select: Text file (*.txt)
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered.
- El Diablo
- Moderator
Re: Problem with a flash drive
Could be, but I can't claim it 100%; if no other antivirus confirms the presence of the virus, then it will be certain. I use Avira; you can try it, it's free.
RTFM!!! UBCD - Ultimate Boot CD Have you tried turning it off and on again? Or from PIO to DMA and back... :) * How to clear CMOS
Those who ask too much google too little. Recommended freeware
i5 3570K, ASRock Z77 Extreme, 16GB Corsair, 120GB SSD Kingston +2TB Samsung, Gigabyte Radeon HD7870, Sharkoon ReX8VE, XL-747H
Re: Problem with a flash drive
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe infected by "Backdoor.Win32.Small.dlh" Virus! Action Taken: No Action Taken.
this is what mwav.exe found for me
Re: Problem with a flash drive
Avast reports it once on drive C:/RECYCLERS and then again on F, which is the flash drive, F:/autorun.inf
Re: Problem with a flash drive
Oh, so there's more of it....
ile C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe infected by "Backdoor.Win32.Small.dlh" Virus! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "surfaccuracy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "surfaccuracy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "aureate/radiate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mediaadvantage Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "newdotnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "surfaccuracy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud new Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud new Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ACDSee 7.0.psd" refers to invalid object "{3fd07b5f-b17a-4243-949b-94c5a9d2e465}". Action Taken: No Action Taken.
Entry "HKCR\CmdLineExt.CmdLineContextMenu" refers to invalid object "{9869EFB4-18E9-11D3-A837-00104B9E30B5}". Action Taken: No Action Taken.
Entry "HKCR\CmdLineExt.CmdLineContextMenu.1" refers to invalid object "{9869EFB4-18E9-11D3-A837-00104B9E30B5}". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\hry\GameZone\UpCli.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Hry\GAMESP~1\GSAPak.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Hry\GAMESP~1\GSAPak.exe -launch". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\hry". Action Taken: No Action Taken.
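The mwav.exe lines in the post above come in three fixed shapes: an infected File, an Object found in the file system, and a registry Entry that points at an invalid object. The following Python script is an added example, not part of the thread or of mwav/eScan: it parses such lines (the sample is a handful of lines copied from the post), records whether the scanner acted on each one, and triages them so that the single infected executable stands out from the adware remnants and orphaned registry references. The severity ranking is this example's own assumption, not something the scanner reports.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: a subset of the mwav.exe lines pasted in the thread.
# Raw string so the Windows paths keep their single backslashes.
SAMPLE_LOG = r"""
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe infected by "Backdoor.Win32.Small.dlh" Virus! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "surfaccuracy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ACDSee 7.0.psd" refers to invalid object "{3fd07b5f-b17a-4243-949b-94c5a9d2e465}". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\hry". Action Taken: No Action Taken.
"""

# One regex per line shape the scanner emits. Each captures the "Action Taken"
# field so a reviewer can confirm the scanner only reported and changed nothing.
FILE_RE = re.compile(r'^File (?P<subject>.+?) infected by "(?P<detail>[^"]+)" Virus! '
                     r'Action Taken: (?P<action>.+?)\.$')
OBJECT_RE = re.compile(r'^Object "(?P<subject>[^"]+)" found in File System! '
                       r'Action Taken: (?P<action>.+?)\.$')
# The target may itself be quoted (""E:\data\cdw32.exe""), so match greedily up to
# the final quote that precedes ". Action Taken".
ENTRY_RE = re.compile(r'^Entry "(?P<subject>[^"]+)" refers to invalid object "(?P<detail>.*)"\. '
                      r'Action Taken: (?P<action>.+?)\.$')


@dataclass(frozen=True)
class Finding:
    kind: str      # "file", "object" or "registry"
    subject: str   # file path, detection name or registry key
    detail: str    # malware family, or the dangling target of a registry entry
    action: str    # what the scanner did ("No Action Taken" throughout this log)


def parse_line(line: str):
    """Return a Finding for a recognised mwav line, or None for anything else."""
    for kind, rx in (("file", FILE_RE), ("object", OBJECT_RE), ("registry", ENTRY_RE)):
        m = rx.match(line.strip())
        if m:
            return Finding(kind, m["subject"], m.groupdict().get("detail", ""), m["action"])
    return None


def parse_mwav_log(text: str):
    return [f for f in map(parse_line, text.strip().splitlines()) if f is not None]


def severity(f: Finding) -> str:
    """Rank a finding the way a responder would triage this log.

    Assumption (this example's, not the scanner's): an infected executable or
    anything labelled backdoor/trojan needs removal; other "Spyware/Adware"
    objects are adware remnants; "invalid object" registry entries are dangling
    references, i.e. housekeeping rather than an infection.
    """
    if f.kind == "file":
        return "high"
    if f.kind == "object":
        name = f.subject.lower()
        return "high" if ("backdoor" in name or "trojan" in name) else "medium"
    return "low"


def triage(findings):
    """Group findings by severity: {"high": [...], "medium": [...], "low": [...]}."""
    groups = {"high": [], "medium": [], "low": []}
    for f in findings:
        groups[severity(f)].append(f)
    return groups


def summarize(findings):
    """Counts per kind plus the subjects the scanner reported but left untouched."""
    return {
        "counts": dict(Counter(f.kind for f in findings)),
        "untouched": [f.subject for f in findings if f.action == "No Action Taken"],
    }


if __name__ == "__main__":
    found = parse_mwav_log(SAMPLE_LOG)
    print(summarize(found)["counts"])
    for level, items in triage(found).items():
        for f in items:
            print(f"[{level:6}] {f.kind:8} {f.subject}  {f.detail}")
```

Run against the full log from the post, the "high" group reduces to the RECYCLER executable and the ircbot objects, which is exactly what the later CFScript in this thread removes.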
- fredik
- Security team member
Re: Problem with a flash drive
Now plug in the flash drive, run ComboFix, and then post its log here.
+
Download this program: Flash Disinfector (by sUBs) and save it to your disk
Re: Problem with a flash drive
So here is the ComboFix log, still without the flash drive, as you wrote:
ComboFix 08-04-27.3 - Karel 2008-04-28 20:42:01.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.356 [GMT 2:00]
Running from: C:\Documents and Settings\Karel\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Karel\Local Settings\Data aplikací\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\SurfAccuracy
C:\Program Files\SurfAccuracy\License.lnk
C:\Program Files\SurfAccuracy\SAcc.cfg
C:\Program Files\SurfAccuracy\SAccU.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\via.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-04-28 20:23 . 2008-04-28 20:23 26 --a------ C:\WINDOWS\Lic.xxx
2008-04-28 20:22 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-04-28 20:22 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-04-06 19:39 . 2008-04-06 19:39 <DIR> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:52 --------- d-----w C:\Program Files\ICQLite
2008-03-27 16:46 41,888 ----a-w C:\WINDOWS\system32\drivers\Oreans.sys
2008-03-26 13:44 --------- d-----w C:\Program Files\Hamachi
2008-03-26 13:43 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-21 12:08 --------- d-----w C:\Program Files\Winamp
2008-03-21 12:08 --------- d-----w C:\Program Files\Common Files\NSV
2006-11-24 18:19 4,079 ----a-w C:\Documents and Settings\Karel\context.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-06-13 21:31 4734976]
"nwiz"="nwiz.exe" [2003-06-13 21:31 323584 C:\WINDOWS\system32\nwiz.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 11:51 1450096]
"SeznamAntidialer"="C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe" [2005-01-24 11:11 286720]
"CHotkey"="mHotkey.exe" [2002-07-05 16:37 491008 C:\WINDOWS\mHotkey.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.exe" [2000-03-23 03:00 39936]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 02:55 189952]
"C-Media Mixer"="Mixer.exe" [2002-03-04 05:02 1454080 C:\WINDOWS\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"msacm.divxa32"= DivXa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"VIDC.i420"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.l3codecp"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Hry\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\age2_x1\\Epo2_x1.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\age2_x1\\age2_x1.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\Epoha2.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\empires2.exe"=
"C:\\Hry\\Codemasters\\Operation Flashpoint\\FlashpointResistance.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Hry\\Return to Castle Wolfenstein\\WolfMP.exe"=
"C:\\Hry\\Microprose\\Grand Prix 3\\GP3.exe"=
"C:\\Hry\\EA Sports\\NHL 2001\\NHL2001.ICD"=
"C:\\Hry\\RA2\\gamemd.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Hry\\Soldat\\Soldat.exe"=
"C:\\Hry\\JoWooD\\Europa 1400 - The Guild\\Europa1400.exe"=
"C:\\Program Files\\viphone communicator\\viphone communicator.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\empires2..exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Hry\\Valve\\hl.exe"=
"C:\\Hry\\Unreal Tournament\\System\\UnrealTournament.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20023:TCP"= 20023:TCP:BitComet 20023 TCP
"20023:UDP"= 20023:UDP:BitComet 20023 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S1 prodrv04;Star Force copy protection driver v4;C:\WINDOWS\system32\drivers\prodrv04.sys [2006-06-25 18:56]
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 04:03]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 20:49:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A???????B???@?$?@?? C?????U?@?????????@?B???A???????A???????B???@?????P???$?@????????????w??????????@???????????????????B???????????????????????????????????B
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-28 20:57:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-28 18:55:43
Adresářů: 15, Volných bajtů: 16,904,253,440
Adres ý…: 18, Volněch bajt…: 16,932,421,632
171
Re: Problem with a flash drive
So there's progress.... The 1st computer no longer reports any problem :) do you think the ComboFix program helped? Should I try using it on the second one too...
//First we'll do the first PC and then the second one.
fredik
Re: Problem with a flash drive
I'm done for today, but I'll definitely come back tomorrow and read the next instructions. Thanks a lot for the help...
- fredik
- Security team member
Re: Problem with a flash drive
If you haven't downloaded Flash Disinfector yet, download it.
- plug the flash drive into the PC
- run it and wait until the program finishes.
- then unplug the flash drive
Repeat the Flash Disinfector procedure for the second flash drive as well
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Open Notepad (Start -> Run... and type Notepad in the box and click OK)
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
File::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
Choose File -> Save As... and set these parameters:
File name: enter: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe program and, when the two files overlap, drop the script
- ComboFix starts automatically
- Post the log that appears at the end of the cleaning process here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PMs with logs; post them in the forum. Those PMs cannot be answered.
Re: Problem with the flash drive
So I ran both flash drives through that Flash Disinfector and neither of the computers, or rather their avasts, reports any trojan anymore. Here I'm pasting the log from the last set of instructions:
ComboFix 08-04-27.3 - Karel 2008-04-29 10:15:46.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.387 [GMT 2:00]
Running from: C:\Documents and Settings\Karel\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Karel\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-04-28 20:28 . 2008-04-28 20:28 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-04-28 20:23 . 2008-04-28 20:23 26 --a------ C:\WINDOWS\Lic.xxx
2008-04-28 20:22 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-04-28 20:22 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-04-28 15:31 . 2008-04-28 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-04-06 19:39 . 2008-04-06 19:39 <DIR> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 09:51 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\Skype
2008-04-28 09:51 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\Skype
2008-04-28 09:51 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\Skype
2008-04-19 19:02 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\uTorrent
2008-04-19 19:02 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\uTorrent
2008-04-19 19:02 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\uTorrent
2008-04-10 14:13 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\Hamachi
2008-04-10 14:13 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\Hamachi
2008-04-10 14:13 --------- d-----w C:\Documents and Settings\Karel\Data aplikací\Hamachi
2008-04-07 13:42 23,360 ----a-w C:\Documents and Settings\Karel\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-07 13:42 23,360 ----a-w C:\Documents and Settings\Karel\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-07 13:42 23,360 ----a-w C:\Documents and Settings\Karel\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-06 15:52 --------- d-----w C:\Program Files\ICQLite
2008-03-27 16:46 41,888 ----a-w C:\WINDOWS\system32\drivers\Oreans.sys
2008-03-26 13:44 --------- d-----w C:\Program Files\Hamachi
2008-03-26 13:43 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-21 12:08 --------- d-----w C:\Program Files\Winamp
2008-03-21 12:08 --------- d-----w C:\Program Files\Common Files\NSV
2006-11-24 18:19 4,079 ----a-w C:\Documents and Settings\Karel\context.bin
.
((((((((((((((((((((((((((((( snapshot@2008-04-28_20.54.46.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-28 18:48:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 08:09:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 08:09:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_668.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-06-13 21:31 4734976]
"nwiz"="nwiz.exe" [2003-06-13 21:31 323584 C:\WINDOWS\system32\nwiz.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 11:51 1450096]
"SeznamAntidialer"="C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe" [2005-01-24 11:11 286720]
"CHotkey"="mHotkey.exe" [2002-07-05 16:37 491008 C:\WINDOWS\mHotkey.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.exe" [2000-03-23 03:00 39936]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 02:55 189952]
"C-Media Mixer"="Mixer.exe" [2002-03-04 05:02 1454080 C:\WINDOWS\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-11-13 15:49:10 121856]
viphone communicator.lnk - C:\Program Files\viphone communicator\viphone communicator.exe [2008-02-02 12:17:36 1483264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"msacm.divxa32"= DivXa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"VIDC.i420"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.l3codecp"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Hry\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\age2_x1\\Epo2_x1.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\age2_x1\\age2_x1.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\Epoha2.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\empires2.exe"=
"C:\\Hry\\Codemasters\\Operation Flashpoint\\FlashpointResistance.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Hry\\Return to Castle Wolfenstein\\WolfMP.exe"=
"C:\\Hry\\Microprose\\Grand Prix 3\\GP3.exe"=
"C:\\Hry\\EA Sports\\NHL 2001\\NHL2001.ICD"=
"C:\\Hry\\RA2\\gamemd.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Hry\\Soldat\\Soldat.exe"=
"C:\\Hry\\JoWooD\\Europa 1400 - The Guild\\Europa1400.exe"=
"C:\\Program Files\\viphone communicator\\viphone communicator.exe"=
"C:\\Hry\\Age of Empires II Conqeror\\empires2..exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Hry\\Valve\\hl.exe"=
"C:\\Hry\\Unreal Tournament\\System\\UnrealTournament.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20023:TCP"= 20023:TCP:BitComet 20023 TCP
"20023:UDP"= 20023:UDP:BitComet 20023 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S1 prodrv04;Star Force copy protection driver v4;C:\WINDOWS\system32\drivers\prodrv04.sys [2006-06-25 18:56]
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 04:03]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 10:19:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A???????B???@?$?@?? C?????U?@?????????@?B???A???????A???????B???@?????P???$?@????????????w??????????@?q?????????????????B???????????????????????????????????B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-04-29 10:23:30
ComboFix-quarantined-files.txt 2008-04-29 08:23:23
ComboFix2.txt 2008-04-29 07:58:39
ComboFix3.txt 2008-04-28 18:57:11
Adresářů: 15, Volných bajtů: 16,916,045,824
Adresářů: 18, Volných bajtů: 16,906,342,400
161
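As an added triage example (not code from this thread, from ComboFix, or from the forum's Security team), the following Python script splits a ComboFix-style log into its banner sections, lists the Files Created entries and the Run keys, and flags executables that live under a RECYCLER\S-1-5-... folder, the location the CFScript above targets. The sample log is constructed in the thread's format and abridged; the "Updater" Run entry and the RECYCLER heuristic are this example's assumptions, not ComboFix rules.

```python
"""Triage helper for ComboFix-style logs. Added example for this thread; it is
not ComboFix's own code and not part of the forum helper's procedure."""
import re
from typing import Dict, List, Tuple

# Constructed, abridged sample in the thread's log format; the "Updater" Run
# entry is invented here to exercise the RECYCLER heuristic below.
SAMPLE_LOG = r"""ComboFix 08-04-27.3 - Karel 2008-04-29 10:15:46.3 - NTFSx86
FILE ::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-28 20:23 . 2008-04-28 20:23 26 --a------ C:\WINDOWS\Lic.xxx
2008-04-06 19:39 . 2008-04-06 19:39 <DIR> d-------- C:\Program Files\CCleaner
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe" [2008-04-28 20:28 12288]
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # ((( Section title )))
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=data [stamp size]
CREATED_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (<DIR>|[\d,]+) (\S+) (.+)$")
RECYCLER_SID_RE = re.compile(r"\\RECYCLER\\S-1-5-\d+(?:-\d+)+\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each banner title to its non-empty lines ('header' before the first
    banner); ComboFix's '.' spacer lines are dropped."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def registry_entries(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(key, value name, data) triples; the '[stamp size]' suffix is discarded."""
    out, key = [], ""
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            data = vm.group(2)
            if data.startswith('"'):
                data = data[1:data.find('"', 1)]
            out.append((key, vm.group(1), data.strip()))
    return out


def files_created(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """(created, size or <DIR>, attributes, path) for each entry."""
    return [(m.group(1), m.group(3), m.group(4), m.group(5))
            for m in map(CREATED_RE.match, lines) if m]


def suspicion_reasons(path: str) -> List[str]:
    """Location heuristic of this example (assumption), not a ComboFix rule."""
    if path.lower().endswith(EXEC_EXT) and RECYCLER_SID_RE.search(path):
        return ["executable under a RECYCLER\\S-1-5-... folder, a classic USB-worm drop location"]
    return []


def triage(text: str) -> Dict[str, object]:
    """Collect what a reviewer checks first: targeted files, files created,
    Run entries, and the paths the heuristic flags."""
    sections = split_sections(text)
    targeted = [l for l in sections["header"] if re.match(r"^[A-Za-z]:\\", l)]
    created, reg = [], []
    for title, lines in sections.items():
        if title.startswith("Files Created"):
            created += files_created(lines)
        elif title.startswith("Reg Loading Points"):
            reg += registry_entries(lines)
    run = [e for e in reg if e[0].lower().rsplit("\\", 1)[-1] in ("run", "runonce")]
    flagged: Dict[str, List[str]] = {}
    for path in targeted + [c[3] for c in created] + [e[2] for e in run]:
        reasons = suspicion_reasons(path)
        if reasons:
            flagged.setdefault(path, reasons)
    return {"targeted": targeted, "files_created": created,
            "run_entries": run, "flagged": sorted(flagged.items())}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG)["flagged"]:
        print("FLAG", path, "->", "; ".join(reasons))
```

Feed `triage()` the text of a saved C:\ComboFix.txt; the flagged list is a starting point for review, not a verdict, since the heuristic only looks at where an executable sits.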