Dobrý den. mám problém s virtumonde. Spybot mi ho najde, smaže, ale on se znovu obnoví. Zatím jsem přišel jen na to, že mi blokuje nějaké stránky.. Třeba vyhledávače
muj log z HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:31, on 30.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\QIP\qip.exe
C:\Program Files\totalcmd7\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.servis24.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {89657FA2-DD86-4CFC-868C-8936AB239E1D} - C:\WINDOWS\system32\qoMefefg.dll (file missing)
O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C4A2E1E1-41A2-4514-8797-1D5CFAC75512} - C:\WINDOWS\system32\cbXRHbcb.dll (file missing)
O2 - BHO: (no name) - {E03C5BEE-09AB-4F2B-AC3B-0AAB99BDC9AE} - C:\WINDOWS\system32\rqRJAroO.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - c:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BMefb693dd] Rundll32.exe "C:\WINDOWS\system32\mtfgjumd.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6506709406
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ ... /CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yaywuUlM - C:\WINDOWS\
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 11641 bytes
a z SDFix:
SDFix: Version 1.199
Run by Administrator on po 30.06.2008 at 18:00
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 18:14:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2645764b
"s2"=dword:9eb893a4
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5e,73,cb,e8,b3,90,eb,a2,bf,5c,d9,b0,bc,42,43,b8,f0,3b,21,e1,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ff,57,68,a7,c4,b5,4d,72,93,b6,e2,35,c1,e6,f9,ef,61,..
"khjeh"=hex:e8,2b,86,5c,30,8e,d4,70,9d,b1,78,a3,1e,f7,f6,e8,c7,4e,c9,02,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,57,b8,d2,b6,77,8d,eb,5f,51,5b,7c,e9,bb,18,31,bf,da,4c,4f,a5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5e,73,cb,e8,b3,90,eb,a2,bf,5c,d9,b0,bc,42,43,b8,f0,3b,21,e1,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ff,57,68,a7,c4,b5,4d,72,93,b6,e2,35,c1,e6,f9,ef,61,..
"khjeh"=hex:e8,2b,86,5c,30,8e,d4,70,9d,b1,78,a3,1e,f7,f6,e8,c7,4e,c9,02,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:84,9e,b9,cd,32,4c,51,6b,97,14,7b,0d,a6,65,36,32,68,81,87,ff,2e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5e,73,cb,e8,b3,90,eb,a2,bf,5c,d9,b0,bc,42,43,b8,f0,3b,21,e1,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ff,57,68,a7,c4,b5,4d,72,93,b6,e2,35,c1,e6,f9,ef,61,..
"khjeh"=hex:e8,2b,86,5c,30,8e,d4,70,9d,b1,78,a3,1e,f7,f6,e8,c7,4e,c9,02,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,57,b8,d2,b6,77,8d,eb,5f,51,5b,7c,e9,bb,18,31,bf,da,4c,4f,a5,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\ventrilo\\Ventrilo.exe"="C:\\Program Files\\ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Disabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe:*:Disabled:TmNationsESWC"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"E:\\my\\QIP\\qip.exe"="E:\\my\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Program Files\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Program Files\\Miranda IM\\MirandaPack\\MirandaPack\\miranda32.exe"="C:\\Program Files\\Miranda IM\\MirandaPack\\MirandaPack\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\MirandaPack\\miranda32.exe"="C:\\Program Files\\MirandaPack\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Mir4nda-IM-0.7-Pack-v1.9.3\\miranda32.exe"="C:\\Program Files\\Mir4nda-IM-0.7-Pack-v1.9.3\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\THQ\\MotoGP 2007\\motogp.exe"="C:\\Program Files\\THQ\\MotoGP 2007\\motogp.exe:*:Enabled:motogp"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Disabled:ActiveSync Application"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Disabled:Connection Manager"
"C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"="C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe:*:Disabled:DiRT Executable"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Disabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Disabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Disabled:TVUPlayer Component"
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Disabled:Update Service"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Disabled:VLC media player"
"C:\\Program Files\\Ubisoft\\Funatics\\The Settlers II - 10th Anniversary\\bin\\S2DNG.exe"="C:\\Program Files\\Ubisoft\\Funatics\\The Settlers II - 10th Anniversary\\bin\\S2DNG.exe:*:Disabled:S2DNG"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\totalcmd7\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd7\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files :
Files with Hidden Attributes :
Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Wed 3 May 2006 163,328 A.SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
Wed 21 Feb 2007 31,232 A.SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
Wed 4 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Wed 4 Jul 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,360 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Sat 10 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Wed 16 Apr 2008 165,232 A..H. --- "C:\Documents and Settings\Admin\Data aplikacˇ\Microsoft\Virtual PC\VPCKeyboard.dll"
Sun 21 Oct 2007 888 ...HR --- "C:\Documents and Settings\Admin\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"
Tue 10 Oct 2006 96,768 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\LIBOREK\sarsko\~WRL0001.tmp"
Tue 10 Oct 2006 96,768 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\LIBOREK\sarsko\~WRL0004.tmp"
Tue 10 Oct 2006 143,872 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\LIBOREK\sarsko\~WRL0078.tmp"
Tue 10 Oct 2006 143,872 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\LIBOREK\sarsko\~WRL0903.tmp"
Tue 10 Oct 2006 171,008 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\LIBOREK\sarsko\~WRL1368.tmp"
Tue 10 Oct 2006 117,248 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\LIBOREK\sarsko\~WRL2213.tmp"
Tue 10 Oct 2006 143,872 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\LIBOREK\sarsko\~WRL2612.tmp"
Tue 10 Oct 2006 117,248 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\LIBOREK\sarsko\~WRL3748.tmp"
Tue 20 Apr 2004 47,104 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\MILENKA\Rizeni 4_3_2_1_\~WRL0001.tmp"
Tue 20 Apr 2004 37,888 A..H. --- "C:\Documents and Settings\Admin\Dokumenty\MILENKA\Rizeni 4_3_2_1_\~WRL0005.tmp"
Finished!
virtumonde
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: virtumonde
Vítej na fóru
Stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: virtumonde
tak tady je lox z ComboFixu
ComboFix 08-06-20.4 - Admin 2008-06-30 20:43:05.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1558 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
pv: No matching processes found
Nesprávná syntaxe příkazu
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMefb693dd.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bcbHRXbc.ini
C:\WINDOWS\system32\bcbHRXbc.ini2
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\gfefeMoq.ini
C:\WINDOWS\system32\gfefeMoq.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\OorAJRqr.ini
C:\WINDOWS\system32\OorAJRqr.ini2
C:\WINDOWS\system32\xefyyhyt.ini
C:\WINDOWS\system32\xjnmcbwb.ini
C:\WINDOWS\system32\ydshdfna.ini
C:\WINDOWS\system32\yhodtkqr.ini
C:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-30 17:51 . 2008-06-30 17:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-30 17:47 . 2008-06-30 18:27 <DIR> d-------- C:\SDFix
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d-------- C:\VundoFix Backups
2008-06-29 22:43 . 2008-06-30 20:55 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-29 21:49 . 2008-06-29 22:43 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-06-29 21:49 . 2008-06-29 22:43 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-06-29 21:49 . 2008-06-29 22:43 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-29 21:36 . 2008-06-29 21:36 933 --a------ C:\sp.lnk
2008-06-29 20:43 . 2008-06-29 22:43 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-29 20:43 . 2008-06-29 20:43 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-29 13:06 . 2008-06-29 13:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 22:45 . 2008-06-27 22:45 81,920 --a------ C:\WINDOWS\system32\tyhyyfex.dll
2008-06-27 22:42 . 2008-06-27 22:42 90,112 --a------ C:\WINDOWS\system32\mtfgjumd.dll
2008-06-27 21:06 . 2008-06-27 21:06 90,112 --a------ C:\WINDOWS\system32\ydjtrgjp.dll
2008-06-27 20:38 . 2008-06-29 09:36 326 --a------ C:\WINDOWS\wininit.ini
2008-06-27 20:07 . 2008-06-27 20:07 90,112 --a------ C:\WINDOWS\system32\norsaejc.dll
2008-06-26 17:27 . 2008-06-26 17:27 80,896 --a------ C:\WINDOWS\system32\rqktdohy.dll
2008-06-10 18:14 . 2008-06-10 18:14 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-09 17:46 . 2008-06-09 17:46 <DIR> d-------- C:\WINDOWS\system32\cs
2008-06-09 17:46 . 2008-06-09 17:46 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-09 17:46 . 2008-06-09 17:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-09 17:44 . 2008-06-09 17:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-09 17:35 . 2004-08-17 15:43 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-04 20:41 . 2008-06-04 20:41 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-02 13:03 . 2008-06-02 13:03 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-06-02 12:44 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-06-02 12:44 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-06-02 12:38 . 2008-06-02 12:38 <DIR> d-------- C:\Program Files\Bonjour
2008-06-02 12:34 . 2008-06-02 12:34 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-01 11:05 . 2008-06-01 11:05 <DIR> d-------- C:\Program Files\OLYMPUS
2008-05-16 10:53 . 2006-11-24 16:45 1,888,256 --a------ C:\h2benchw.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 15:07 --------- d-----w C:\Program Files\%temp&
2008-06-29 10:39 --------- d-----w C:\Program Files\ICQLite
2008-06-27 12:09 --------- d-----w C:\Program Files\Warcraft III
2008-06-02 11:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-02 10:27 --------- d-----w C:\Program Files\Macromedia
2008-06-02 10:18 --------- d-----w C:\Program Files\SpeedFan
2008-06-02 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 09:06 --------- d-----w C:\Program Files\QuickTime
2008-05-14 12:35 --------- d-----w C:\Program Files\Yuuguu
2008-05-03 14:37 --------- d-----w C:\Program Files\Java
2008-04-14 03:22 69,632 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 03:22 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 03:22 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 03:22 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 03:22 147,968 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 03:22 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 03:22 1,034,240 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 03:21 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 03:21 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 03:21 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 03:21 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 03:21 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 03:21 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2006-12-23 15:04 2,258,996 ----a-w C:\Program Files\WC3Banlist.zip
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89657FA2-DD86-4CFC-868C-8936AB239E1D}]
C:\WINDOWS\system32\qoMefefg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4A2E1E1-41A2-4514-8797-1D5CFAC75512}]
C:\WINDOWS\system32\cbXRHbcb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E03C5BEE-09AB-4F2B-AC3B-0AAB99BDC9AE}]
C:\WINDOWS\system32\rqRJAroO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 18:24 401496]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-24 19:58 67128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2006-08-08 15:54 86016 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-22 20:01 196608]
"P17Helper"="P17.dll" [2005-05-03 20:38 64512 C:\WINDOWS\system32\P17.DLL]
"C6501Sound"="c6501.cpl,CMICtrlWnd" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-08 15:54 7630848]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 10:50 28672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"BMefb693dd"="C:\WINDOWS\system32\mtfgjumd.dll" [2008-06-27 22:42 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:22 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywuUlM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^Styler.lnk]
path=C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMefb693dd]
--a------ 2008-06-27 22:42 90112 C:\WINDOWS\system32\mtfgjumd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ec85a041]
--a------ 2008-06-27 22:45 81920 C:\WINDOWS\system32\tyhyyfex.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-08 17:25 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2008-02-07 20:32 249856 C:\Program Files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2006-02-10 22:40 2048000 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-08 15:54 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2008-02-22 14:29 95536 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 11:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 05:42 36864 C:\Program Files\mobile PhoneTools\WatchDog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ventrilo\\Ventrilo.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\MirandaPack\\miranda32.exe"=
"C:\\Program Files\\Mir4nda-IM-0.7-Pack-v1.9.3\\miranda32.exe"=
"C:\\Program Files\\THQ\\MotoGP 2007\\motogp.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Ubisoft\\Funatics\\The Settlers II - 10th Anniversary\\bin\\S2DNG.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\totalcmd7\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38734:TCP"= 38734:TCP:port: 38734
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2007-10-18 09:55]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2007-10-18 09:55]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
R3 stihp2k;stihp2k;C:\WINDOWS\system32\DRIVERS\stihp2k.sys [2001-06-05 23:25]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 18:04]
S3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 18:04]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-14 20:09]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys [2006-03-10 14:03]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k310mdfl.sys [2006-03-10 14:03]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k310mdm.sys [2006-03-10 14:03]
S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k310mgmt.sys [2006-03-10 14:03]
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k310obex.sys [2006-03-10 14:03]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:22]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:22]
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:22]
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 20:55:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Logitech\SetPoint\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2008-06-30 21:28:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 19:27:59
Adresářů: 20, Volných bajtů: 59,690,024,960
Adres ý…: 21, Volněch bajt…: 61,835,255,808
285
ComboFix 08-06-20.4 - Admin 2008-06-30 20:43:05.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1558 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
pv: No matching processes found
Nesprávná syntaxe příkazu
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMefb693dd.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bcbHRXbc.ini
C:\WINDOWS\system32\bcbHRXbc.ini2
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\gfefeMoq.ini
C:\WINDOWS\system32\gfefeMoq.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\OorAJRqr.ini
C:\WINDOWS\system32\OorAJRqr.ini2
C:\WINDOWS\system32\xefyyhyt.ini
C:\WINDOWS\system32\xjnmcbwb.ini
C:\WINDOWS\system32\ydshdfna.ini
C:\WINDOWS\system32\yhodtkqr.ini
C:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-30 17:51 . 2008-06-30 17:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-30 17:47 . 2008-06-30 18:27 <DIR> d-------- C:\SDFix
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d-------- C:\VundoFix Backups
2008-06-29 22:43 . 2008-06-30 20:55 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-06-29 22:43 . 2008-06-29 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-29 21:49 . 2008-06-29 22:43 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-06-29 21:49 . 2008-06-29 22:43 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-06-29 21:49 . 2008-06-29 22:43 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-29 21:36 . 2008-06-29 21:36 933 --a------ C:\sp.lnk
2008-06-29 20:43 . 2008-06-29 22:43 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-29 20:43 . 2008-06-29 20:43 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-29 13:06 . 2008-06-29 13:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 22:45 . 2008-06-27 22:45 81,920 --a------ C:\WINDOWS\system32\tyhyyfex.dll
2008-06-27 22:42 . 2008-06-27 22:42 90,112 --a------ C:\WINDOWS\system32\mtfgjumd.dll
2008-06-27 21:06 . 2008-06-27 21:06 90,112 --a------ C:\WINDOWS\system32\ydjtrgjp.dll
2008-06-27 20:38 . 2008-06-29 09:36 326 --a------ C:\WINDOWS\wininit.ini
2008-06-27 20:07 . 2008-06-27 20:07 90,112 --a------ C:\WINDOWS\system32\norsaejc.dll
2008-06-26 17:27 . 2008-06-26 17:27 80,896 --a------ C:\WINDOWS\system32\rqktdohy.dll
2008-06-10 18:14 . 2008-06-10 18:14 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-09 17:46 . 2008-06-09 17:46 <DIR> d-------- C:\WINDOWS\system32\cs
2008-06-09 17:46 . 2008-06-09 17:46 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-09 17:46 . 2008-06-09 17:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-09 17:44 . 2008-06-09 17:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-09 17:35 . 2004-08-17 15:43 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-04 20:41 . 2008-06-04 20:41 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-02 13:03 . 2008-06-02 13:03 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-06-02 12:44 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-06-02 12:44 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-06-02 12:38 . 2008-06-02 12:38 <DIR> d-------- C:\Program Files\Bonjour
2008-06-02 12:34 . 2008-06-02 12:34 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-01 11:05 . 2008-06-01 11:05 <DIR> d-------- C:\Program Files\OLYMPUS
2008-05-16 10:53 . 2006-11-24 16:45 1,888,256 --a------ C:\h2benchw.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 15:07 --------- d-----w C:\Program Files\%temp&
2008-06-29 10:39 --------- d-----w C:\Program Files\ICQLite
2008-06-27 12:09 --------- d-----w C:\Program Files\Warcraft III
2008-06-02 11:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-02 10:27 --------- d-----w C:\Program Files\Macromedia
2008-06-02 10:18 --------- d-----w C:\Program Files\SpeedFan
2008-06-02 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 09:06 --------- d-----w C:\Program Files\QuickTime
2008-05-14 12:35 --------- d-----w C:\Program Files\Yuuguu
2008-05-03 14:37 --------- d-----w C:\Program Files\Java
2008-04-14 03:22 69,632 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 03:22 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 03:22 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 03:22 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 03:22 147,968 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 03:22 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 03:22 1,034,240 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 03:21 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 03:21 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 03:21 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 03:21 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 03:21 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 03:21 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2006-12-23 15:04 2,258,996 ----a-w C:\Program Files\WC3Banlist.zip
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89657FA2-DD86-4CFC-868C-8936AB239E1D}]
C:\WINDOWS\system32\qoMefefg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4A2E1E1-41A2-4514-8797-1D5CFAC75512}]
C:\WINDOWS\system32\cbXRHbcb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E03C5BEE-09AB-4F2B-AC3B-0AAB99BDC9AE}]
C:\WINDOWS\system32\rqRJAroO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 18:24 401496]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-24 19:58 67128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2006-08-08 15:54 86016 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-22 20:01 196608]
"P17Helper"="P17.dll" [2005-05-03 20:38 64512 C:\WINDOWS\system32\P17.DLL]
"C6501Sound"="c6501.cpl,CMICtrlWnd" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-08 15:54 7630848]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 10:50 28672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"BMefb693dd"="C:\WINDOWS\system32\mtfgjumd.dll" [2008-06-27 22:42 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:22 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywuUlM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^Styler.lnk]
path=C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMefb693dd]
--a------ 2008-06-27 22:42 90112 C:\WINDOWS\system32\mtfgjumd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ec85a041]
--a------ 2008-06-27 22:45 81920 C:\WINDOWS\system32\tyhyyfex.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-08 17:25 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2008-02-07 20:32 249856 C:\Program Files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2006-02-10 22:40 2048000 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-08 15:54 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2008-02-22 14:29 95536 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 11:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 05:42 36864 C:\Program Files\mobile PhoneTools\WatchDog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ventrilo\\Ventrilo.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\MirandaPack\\miranda32.exe"=
"C:\\Program Files\\Mir4nda-IM-0.7-Pack-v1.9.3\\miranda32.exe"=
"C:\\Program Files\\THQ\\MotoGP 2007\\motogp.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Ubisoft\\Funatics\\The Settlers II - 10th Anniversary\\bin\\S2DNG.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\totalcmd7\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38734:TCP"= 38734:TCP:port: 38734
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2007-10-18 09:55]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2007-10-18 09:55]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
R3 stihp2k;stihp2k;C:\WINDOWS\system32\DRIVERS\stihp2k.sys [2001-06-05 23:25]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 18:04]
S3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 18:04]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-14 20:09]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys [2006-03-10 14:03]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k310mdfl.sys [2006-03-10 14:03]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k310mdm.sys [2006-03-10 14:03]
S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k310mgmt.sys [2006-03-10 14:03]
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k310obex.sys [2006-03-10 14:03]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:22]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:22]
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:22]
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 20:55:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Logitech\SetPoint\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2008-06-30 21:28:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 19:27:59
Adresářů: 20, Volných bajtů: 59,690,024,960
Adres ý…: 21, Volněch bajt…: 61,835,255,808
285
Re: virtumonde
Zdravim,
pouzite Avenger s tymto skriptom:
Skontrolujte, co je v tomto adresari:
pouzite Avenger s tymto skriptom:
Kód: Vybrat vše
Files to delete:
C:\WINDOWS\system32\tyhyyfex.dll
C:\WINDOWS\system32\mtfgjumd.dll
C:\WINDOWS\system32\ydjtrgjp.dll
C:\WINDOWS\system32\norsaejc.dll
C:\WINDOWS\system32\rqktdohy.dll
C:\WINDOWS\system32\x.264.exe
Folders to delete:
C:\Program Files\Save
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89657FA2-DD86-4CFC-868C-8936AB239E1D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4A2E1E1-41A2-4514-8797-1D5CFAC75512}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E03C5BEE-09AB-4F2B-AC3B-0AAB99BDC9AE}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywuUlM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMefb693dd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ec85a041
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | BMefb693ddSkontrolujte, co je v tomto adresari:
Kód: Vybrat vše
C:\Program Files\%temp&Re: virtumonde
Ten skript nepomohl.
A v temp je jen jeden soubor bat.bat vytvořen v prosinci minulého roku. Ten vermunde mám od 26.června
A v temp je jen jeden soubor bat.bat vytvořen v prosinci minulého roku. Ten vermunde mám od 26.června
Re: virtumonde
Posli log z Avengeru, nech vidim, co sa zmazalo a co nie.
Naposledy upravil(a) Kosak dne 30 čer 2008 22:51, celkem upraveno 2 x.
Re: virtumonde
Tak děkuju všem. nakonec jsme na problém přišli na jiném foru přes avenger.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 75 hostů