Spybot - Search & Destroy

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

gena17
Level 3
Posts: 503
Registered: April 06
Location: Břeclav
Gender: Male
Status: Offline

Post by gena17 » 27 Jul 2007 00:20

Thanks for the advice and the effort, but what ferdík wrote :oops: I can't manage, because I don't understand it and don't know how :oops: :lama:
Fujitsu Siemens Computers
AMD Sempron(tm)3000+
1,99GHz,1.00GB RAM

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 27 Jul 2007 20:16

You can manage it, it's not as complicated as it may look :smile:

Download the file fv.zip again.
Create a directory somewhere on the disk and unpack the contents of fv.zip there (the archive contains two files, fv.bat and jt.exe).
Then run fv.bat; after it finishes, Notepad opens with a listing, which you then copy here. Alternatively you can find it afterwards on drive C in the file vjob.txt.


Post by gena17 » 28 Jul 2007 21:03

fredik wrote: You can manage it, it's not as complicated as it may look :smile:

Download the file fv.zip again.
Create a directory somewhere on the disk and unpack the contents of fv.zip there (the archive contains two files, fv.bat and jt.exe).
Then run fv.bat; after it finishes, Notepad opens with a listing, which you then copy here. Alternatively you can find it afterwards on drive C in the file vjob.txt.

It's exactly that directory you could help me with. Could it be done over ICQ or Skype?


Post by fredik » 28 Jul 2007 22:00

ICQ would be a problem, because right now I don't have the time for it.

You don't need to create a directory (folder); it's enough to unpack it somewhere and run the file already mentioned (the condition is that the two files are in the same place).


Post by gena17 » 29 Jul 2007 11:57

:lama: :idea: I hope I managed what ferdík wanted from me
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'At10.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\username.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/09/2007 15:10:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 9
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 15:10
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At11.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\expIorer.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/07/2007 15:10:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 7
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 15:10
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At12.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\sp2protect.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/15/2007 15:10:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 15
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 15:10
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At13.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\username.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/09/2007 15:17:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 9
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 15:17
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At14.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\expIorer.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/07/2007 15:17:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 7
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 15:17
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At15.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\sp2protect.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/15/2007 15:17:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 15
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 15:17
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At2.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\expIorer.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/07/2007 14:30:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 7
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 12/27/2005
EndDate: 00/00/0000
StartTime: 14:30
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At3.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\sp2protect.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/15/2007 14:30:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 15
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 12/27/2005
EndDate: 00/00/0000
StartTime: 14:30
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At4.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\username.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/09/2007 14:38:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 9
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 12/27/2005
EndDate: 00/00/0000
StartTime: 14:38
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At5.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\expIorer.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/07/2007 14:38:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 7
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 12/27/2005
EndDate: 00/00/0000
StartTime: 14:38
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At6.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\sp2protect.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/15/2007 14:38:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 15
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 12/27/2005
EndDate: 00/00/0000
StartTime: 14:38
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At7.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\username.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/09/2007 14:54:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 9
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 14:54
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At8.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\expIorer.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/07/2007 14:54:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 7
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 14:54
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'At9.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\sp2protect.exe'
Parameters: ''
WorkingDirectory: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 08/15/2007 14:54:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 15
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 06/18/2006
EndDate: 00/00/0000
StartTime: 14:54
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Uniblue SpeedUpMyPC Nag.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe'
Parameters: '-s'
WorkingDirectory: ''
Comment: ''
Creator: 'Nešpor'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/05/2007 9:47:00
NextRun: 08/04/2007 9:47:00
StartError: S_OK
ExitCode: 0xf060
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 10
StartDate: 06/25/2007
EndDate: 00/00/0000
StartTime: 09:47
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Uniblue SpeedUpMyPC.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe'
Parameters: '-s'
WorkingDirectory: 'C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe'
Comment: 'Uniblue SpeedUpMyPC Scheduler'
Creator: 'Nešpor'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers


[TRACE] Activating job 'Uniblue SpyEraser.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe'
Parameters: '-s'
WorkingDirectory: 'C:\Program Files\Uniblue\SpyEraser\'
Comment: 'Uniblue SpyEraser Scheduler'
Creator: 'Nešpor'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers

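As an added example (not from the thread, and not part of the fv.zip/jt.exe tool): a Python triage script that parses a dump in the format pasted above and flags the kind of entries fredik then asked about: a file name that only imitates a Windows binary (capital I for l in expIorer.exe), jobs added as SYSTEM through NetScheduleJobAdd, and targets the scheduler can no longer find (StartError 0x80070002). The allowlist, the character mapping and the sample dump are constructed assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumption: a small hand-picked allowlist of legitimate Windows binaries
# whose names an impostor file might imitate (not an exhaustive list).
KNOWN_SYSTEM_BINARIES = {
    "explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "taskmgr.exe", "regedit.exe",
}

# HRESULT the dump shows for the At*.job entries: ERROR_FILE_NOT_FOUND,
# i.e. the scheduler could not find the target executable any more.
HRESULT_FILE_NOT_FOUND = "0x80070002"

# Constructed sample in the same layout as the jt.exe dump in the thread;
# it is not the poster's real output.
SAMPLE_DUMP = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'At11.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\expIorer.exe'
Parameters: ''
Comment: 'Vytvoril: NetScheduleJobAdd'
Creator: 'SYSTEM'
StartError: 0x80070002
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Hidden = 0
[WARN ] Unrecognized bits = 200000

[TRACE] Activating job 'Uniblue SpeedUpMyPC Nag.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe'
Parameters: '-s'
Comment: ''
Creator: 'user'
StartError: S_OK
Status: SCHED_S_TASK_READY
DeleteWhenDone = 0
"""


@dataclass
class Job:
    name: str
    props: dict[str, str] = field(default_factory=dict)


def parse_jobs(text: str) -> list[Job]:
    """Split the dump into jobs.  A job begins at "[TRACE] Activating job '...'";
    the "Key: value" and "Flag = n" lines that follow belong to it until the next job."""
    jobs: list[Job] = []
    for raw in text.splitlines():
        line = raw.strip()
        started = re.match(r"\[TRACE\] Activating job '(.+)'$", line)
        if started:
            jobs.append(Job(started.group(1)))
            continue
        if not jobs or not line or line.startswith("["):
            continue  # preamble, blank lines and [TRACE]/[WARN] chatter
        if ":" in line:
            key, _, value = line.partition(":")
        elif " = " in line:
            key, _, value = line.partition(" = ")
        else:
            continue  # e.g. "1 Trigger", "No triggers"
        # first occurrence wins: "Flags:" appears for the job and again for its trigger
        jobs[-1].props.setdefault(key.strip(), value.strip().strip("'"))
    return jobs


# Assumed mapping of characters that are easy to confuse in a proportional font.
_FOLD = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"})


def fold_lookalikes(filename: str) -> str:
    """Canonicalise look-alike characters so 'expIorer.exe' (capital i) folds to 'explorer.exe'."""
    return filename.translate(_FOLD).lower()


_FOLDED_KNOWN = {fold_lookalikes(n) for n in KNOWN_SYSTEM_BINARIES}


def suspicious_findings(job: Job) -> list[str]:
    """Return the reasons a job deserves a closer look (empty list = nothing noted)."""
    findings: list[str] = []
    basename = job.props.get("ApplicationName", "").rsplit("\\", 1)[-1]
    if basename.lower() not in KNOWN_SYSTEM_BINARIES and fold_lookalikes(basename) in _FOLDED_KNOWN:
        findings.append(f"look-alike of a Windows binary name: {basename}")
    if job.props.get("Creator") == "SYSTEM" and "NetScheduleJobAdd" in job.props.get("Comment", ""):
        findings.append("added through the NetScheduleJobAdd (at.exe) API as SYSTEM")
    if job.props.get("StartError") == HRESULT_FILE_NOT_FOUND:
        findings.append("target missing on disk (0x80070002 = ERROR_FILE_NOT_FOUND)")
    return findings


def triage(text: str) -> dict[str, list[str]]:
    """Map job name -> findings for every job in the dump that has at least one."""
    return {job.name: f for job in parse_jobs(text) if (f := suspicious_findings(job))}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DUMP).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run it against the real vjob.txt by reading the file into `triage()` instead of `SAMPLE_DUMP`; the three At*.job targets from the thread all produce the look-alike or file-not-found findings.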

Post by fredik » 30 Jul 2007 12:06

Tell me whether what sakiri wrote about Avenger worked.

Download Suspicious File Packer
Unpack it and run it (the file sfp.exe)
Copy and paste the following text marked in bold into the window that appears:
C:\WINDOWS\system32\expIorer.exe
C:\WINDOWS\system32\username.exe
C:\WINDOWS\system32\sp2protect.exe


then click the Continue button
The program switches to the second window, Step2: Create archive
Close the program.
A file requested-files[2007-07-30_HH_MM].cab is created on the desktop (where HH is the hour and MM the minutes)
Then try to attach it to your post as an attachment.

Note: it's possible you no longer have those files on the disk, so the archive may not be created.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download ComboFix to the desktop

Open Notepad (Start -> Run... type Notepad in the box and click OK)
Copy the following text marked in bold into it:
DirLook::
C:\Documents and Settings\All Users\DATAAP~1\wma multi this chic
C:\Documents and Settings\All Users\DATAAP~1\akcnicestinashw
C:\Documents and Settings\Neçpor\DATAAP~1\akcnicestinashw
C:\Documents and Settings\¦ANETA\DATAAP~1\akcnicestinashw


Choose Save As, name the file CFScript.txt and set Save as type: All files.
Save the file to the desktop.
Close all open windows.

Drag the created script CFScript.txt with the mouse onto the downloaded ComboFix.exe, and when the two files overlap, drop the script
- ComboFix starts automatically
- After it starts, the terms of use are shown; confirm them by pressing key 1
- Follow the instructions; while ComboFix is running, don't click in the window that appears
- Paste here the log that appears at the end of the cleaning process
- Otherwise you'll find the log after the program finishes here: C:\ComboFix.txt


Post by gena17 » 30 Jul 2007 15:09

I hope I did it the way you wanted :idea:
ComboFix
ComboFix 07-07-30.2 - "Neçpor" 2007-07-30 14:28:35.1 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.True
Command switches used :: C:\Documents and Settings\Ne?por\Plocha\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LAURA\DATAAP~1\FunWebProducts
C:\DOCUME~1\LAURA\DATAAP~1\FunWebProducts\Data\LAURA\avatar.dat
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))


2007-07-29 21:15 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\Zoner
2007-07-29 21:14 <DIR> d-------- C:\Program Files\Zoner
2007-07-29 21:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-29 21:11 8,793,088 --a------ C:\Program Files\zme5_cz_classic_free.exe
2007-07-29 11:00 57,344 --a------ C:\WINDOWS\system32\VBA332ME.DLL
2007-07-29 11:00 1,439,744 --a------ C:\Program Files\wwsetup.exe
2007-07-29 11:00 <DIR> d-------- C:\Program Files\Wordware
2007-07-29 11:00 <DIR> d-------- C:\MSOffice
2007-07-29 11:00 <DIR> d-------- C:\Microsoft Office
2007-07-29 10:53 6,089,162 --a------ C:\Program Files\InstalFormix(2).exe
2007-07-29 10:39 139,264 --a------ C:\WINDOWS\system32\FODBCLib.dll
2007-07-29 10:39 <DIR> d-------- C:\Program Files\Formix SE
2007-07-29 10:38 6,089,162 --a------ C:\Program Files\InstalFormix.exe
2007-07-29 09:59 2,720,456 --a------ C:\Program Files\ccsetup141.exe
2007-07-25 21:02 14,269,818 --a------ C:\Program Files\WinCH2_setup.exe
2007-07-25 20:49 7,069,897 --a------ C:\Program Files\setup.exe
2007-07-25 19:23 <DIR> d-------- C:\Program Files\Rockstar Games
2007-07-25 18:28 644 --a------ C:\find.bat
2007-07-24 22:29 <DIR> d-------- C:\Program Files\GTA Vice City CZ
2007-07-23 22:19 77,312 --a------ C:\WINDOWS\ua2.dll
2007-07-22 17:42 <DIR> d-------- C:\DOCUME~1\LAURA\DATAAP~1\BitDownload
2007-07-17 19:14 <DIR> d-------- C:\Program Files\PopTray
2007-07-17 19:11 0 --a------ C:\WINDOWS\system32\w32apiw.dll
2007-07-17 19:11 <DIR> d-------- C:\Program Files\NKProds
2007-07-17 19:11 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\nCleaner
2007-07-17 18:57 <DIR> d-------- C:\Program Files\FireTune
2007-07-16 23:08 <DIR> d-------- C:\Program Files\Web Hottest Videos Personal Player
2007-07-16 22:48 <DIR> d-------- C:\Program Files\New Support Camp
2007-07-16 22:48 <DIR> d-------- C:\My Downloads
2007-07-16 22:48 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\New Support Camp
2007-07-16 22:48 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\BitDownload
2007-07-16 22:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\wma multi this chic
2007-07-12 19:14 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-07-12 18:44 <DIR> d-------- C:\Program Files\OO Software
2007-07-06 21:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATAAP~1\Talkback
2007-07-06 21:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATAAP~1\ICQ
2007-07-06 20:36 <DIR> d-------- C:\_work
2007-07-06 11:18 <DIR> d-------- C:\Program Files\Active Data Recovery Services
2007-07-05 23:35 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-05 23:30 7,438 --a------ C:\WINDOWS\system32\eInstall.dat
2007-07-05 23:27 <DIR> d-------- C:\PUB
2007-07-05 23:20 508,928 --a------ C:\WINDOWS\system32\eInstall.exe
2007-07-05 23:20 32,768 --a------ C:\WINDOWS\system32\esmxlog.dll
2007-07-05 23:20 138,000 --a------ C:\WINDOWS\system32\drivers\klif108.sys
2007-07-05 23:20 117,008 --a------ C:\WINDOWS\system32\drivers\klif50.sys
2007-07-05 23:20 <DIR> d-------- C:\WINDOWS\system32\ES_SETUP
2007-07-05 23:20 <DIR> d-------- C:\Program Files\eScan
2007-07-05 23:20 <DIR> d-------- C:\AVPDOS
2007-07-04 10:19 <DIR> d-------- C:\DOCUME~1\ANETA~1\DATAAP~1\ICQ Toolbar
2007-07-03 13:09 <DIR> d-------- C:\DOCUME~1\ANETA~1\DATAAP~1\ICQ
2007-07-02 20:01 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\OLYMPUS
2007-07-02 19:47 <DIR> d-------- C:\Binaries
2007-07-02 19:46 319,488 --------- C:\WINDOWS\system32\Pvmjpg21.dll
2007-07-02 19:46 <DIR> d-------- C:\Program Files\OLYMPUS
2007-07-02 19:45 86,016 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2007-07-02 19:45 57,344 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2007-07-02 19:45 32,256 --a------ C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2007-07-02 19:43 <DIR> d-------- C:\Program Files\PIXELA
2007-06-29 17:20 <DIR> d-------- C:\Program Files\DVDFab Platinum 3
2007-06-26 20:04 <DIR> d-------- C:\Program Files\STARWARS_TheBattleOfYavin_v11
2007-06-26 19:50 <DIR> d-------- C:\Program Files\GameTop.com
2007-06-26 19:44 <DIR> d-------- C:\PPK
2007-06-24 19:10 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1625.exe
2007-06-24 19:10 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-06-23 23:43 <DIR> d-------- C:\Program Files\CatchTheSperm2
2007-06-23 23:13 65,879 --a------ C:\WINDOWS\system32\3D LOTR EYE OF SAURON.scr
2007-06-23 23:13 <DIR> d-------- C:\Program Files\3D LOTR Eye of Sauron
2007-06-23 22:17 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-06-23 22:17 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-06-23 22:17 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-06-21 21:53 <DIR> d-------- C:\Program Files\Player Tool
2007-06-21 21:47 <DIR> d-------- C:\Program Files\Multi_Media
2007-06-21 21:23 <DIR> d-------- C:\Program Files\BitTorrent Fastest Tool
2007-06-21 20:52 <DIR> d-------- C:\Virtual
2007-06-21 20:45 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\ICQ Toolbar
2007-06-21 20:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\BufferZone
2007-06-21 20:44 <DIR> d-------- C:\Program Files\Secured_eMule
2007-06-21 20:44 <DIR> d-------- C:\Program Files\BufferZone
2007-06-21 20:43 <DIR> d-------- C:\Program Files\Secured eMule
2007-06-21 20:21 <DIR> d-------- C:\Program Files\eMule
2007-06-18 22:48 987,648 --a------ C:\WINDOWS\is-R0JOA.exe
2007-06-17 15:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\vsosdk
2007-06-17 14:06 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\Registry Cleaner
2007-06-17 14:05 <DIR> d-------- C:\Program Files\Registry Cleaner Trial
2007-06-15 22:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 22:28 170 --a------ C:\combo.vbs
2007-06-15 19:44 <DIR> d-------- C:\DOCUME~1\NEPOR~1\Crack
2007-06-15 18:16 <DIR> d-------- C:\Program Files\Gabest
2007-06-15 18:15 <DIR> d-------- C:\Program Files\GordianKnot
2007-06-10 22:10 640 --a------ C:\settings.dat
2007-06-10 18:17 <DIR> d-------- C:\Program Files\SensorsViewPro31
2007-06-10 17:57 5,248 --a------ C:\WINDOWS\system32\drivers\giveio.sys
2007-06-10 13:36 <DIR> d-------- C:\platodvdcopy
2007-06-10 11:15 <DIR> d-------- C:\DVDFab_Temp
2007-06-10 10:22 94,002 --a------ C:\WINDOWS\winsbak2.reg
2007-06-10 10:22 43,520 --a------ C:\WINDOWS\killproc.exe
2007-06-10 10:22 12,946 --a------ C:\WINDOWS\winsbak.reg
2007-06-10 10:22 <DIR> d-------- C:\Program Files\Common Files\MicroWorld
2007-06-10 10:22 <DIR> d-------- C:\DOCUME~1\REMOTE~1\ćablony
2007-06-10 10:22 <DIR> d-------- C:\DOCUME~1\REMOTE~1\Plocha


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 14:50 429066 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-07-30 14:07 264875 --a------ C:\Program Files\sfp.zip
2007-07-29 20:19 --------- d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\ConMet
2007-07-29 15:59 --------- d-------- C:\Program Files\Settings
2007-07-29 15:59 --------- d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\Skype
2007-07-29 11:51 24710 --a------ C:\Program Files\fv(2).zip
2007-07-26 20:53 --------- d-------- C:\Program Files\Lexmark 1200 Series
2007-07-26 20:32 --------- d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\OpenOffice.org2
2007-07-26 10:19 826262 --a------ C:\Program Files\pharaohphobia.dcr
2007-07-26 08:42 --------- d-------- C:\Program Files\AquaDigger
2007-07-25 23:59 24710 --a------ C:\Program Files\fv.zip
2007-07-25 21:23 --------- d-------- C:\Program Files\Scorpions WinCheater
2007-07-25 19:37 --------- d-------- C:\Program Files\GameSpy Arcade
2007-07-25 19:23 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 16:47 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-07-24 16:47 --------- d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\SUPERAntiSpyware.com
2007-07-22 10:08 --------- d-------- C:\Program Files\ConMet
2007-07-17 18:57 737280 --a------ C:\WINDOWS\iun6002.exe
2007-07-17 08:11 --------- d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\Vso
2007-07-17 04:25 --------- d-------- C:\Program Files\Downloads
2007-07-16 23:52 --------- d-------- C:\Program Files\EKucharka
2007-07-16 23:25 --------- d-------- C:\Program Files\temp
2007-07-11 10:12 76426 --a--c--- C:\WINDOWS\system32\perfc005.dat
2007-07-11 10:12 424578 --a--c--- C:\WINDOWS\system32\perfh005.dat
2007-07-06 12:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-05 20:02 --------- d-------- C:\Program Files\DVDFab Platinum
2007-07-05 10:52 11948 --a------ C:\Program Files\MyList.DcLst
2007-06-29 22:51 19766 --a------ C:\Program Files\files.xml.bz2
2007-06-25 10:46 --------- d-------- C:\Program Files\Uniblue
2007-06-25 10:14 --------- d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\Uniblue
2007-06-25 10:06 --------- d-------- C:\Program Files\AOL Security Toolbar
2007-06-24 16:15 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-23 22:17 --------- d-------- C:\Program Files\vso
2007-06-17 14:21 --------- d-------- C:\Program Files\T-Station Herny Klient
2007-06-15 18:16 --------- d-------- C:\Program Files\AviSynth 2.5
2007-06-13 18:59 --------- d-------- C:\Program Files\Soulseek
2007-06-04 21:51 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-04 20:08 --------- d-------- C:\Program Files\Dvd-cloner
2007-06-04 09:59 12468 --a------ C:\WINDOWS\mozver.dat
2007-06-02 18:58 --------- d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\uTorrent
2007-06-02 08:36 --------- d-------- C:\Program Files\IDOS
2007-06-02 08:23 4 --a------ C:\WINDOWS\info147.sys
2007-06-01 00:04 --------- d-------- C:\Program Files\FileLists
2007-05-31 19:04 --------- d-------- C:\Program Files\Dial-Messenger
2007-05-30 09:47 --------- d-------- C:\Program Files\Vg
2007-05-29 22:59 --------- d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-07 22:33 68 --a------ C:\WINDOWS\GPlrLanc.dat
2007-05-05 13:17 87608 --a------ C:\DOCUME~1\NEPOR~1\DATAAP~1\inst.exe
2007-05-05 13:17 47360 --a------ C:\DOCUME~1\NEPOR~1\DATAAP~1\pcouffin.sys
2007-05-01 09:26 516096 --a------ C:\WINDOWS\UN32.EXE
2006-09-12 16:04 81920 --a------ C:\DOCUME~1\NEPOR~1\DATAAP~1\ezpinst.exe
2006-07-13 12:45 6064640 --a------ C:\Program Files\icq5_1_setup.exe
2005-07-24 16:09 60595 --a------ C:\Program Files\cestina.xml
2005-07-24 16:00 2887680 --a------ C:\Program Files\StrongDC.exe
2003-08-16 18:56:00 579,584 -csha-r C:\WINDOWS\system32\cd.exe
2005-11-06 11:49:53 184,618 --sha-r C:\WINDOWS\system32\patcher.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 13:17 1326104 --a------ C:\Program Files\Secured_eMule\tbSecu.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 13:17 1326104]

[-HKEY_CLASSES_ROOT\CLSID\{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2005-01-19 22:40]
"ConMet"="C:\Program Files\ConMet\ConMet.exe" [2007-04-15 10:39]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2006-01-25 11:21]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:19]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-03 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 21:57]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-16 02:28:46]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle Pro\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS
R0 uagp35;Filtr Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4;C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
R2 BufferZoneSvc;BufferZone Service;"C:\Program Files\BufferZone\ClntSvc.exe"
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R2 eScan-trayicos;eScan Server-Updater;C:\PROGRA~1\eScan\TRAYSSER.EXE
R2 MCSTRM;MCSTRM;C:\WINDOWS\system32\drivers\MCSTRM.sys
R2 sensorsview;sensorsview;\??\C:\WINDOWS\system32\drivers\sensorsview.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R2 X4HSX32;X4HSX32;\??\C:\Program Files\T-Station Herny Klient\X4HSX32.Sys
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys
S3 61883;61883 Unit Device;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;AVC Device;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-06-09 13:10:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\username.exe
2007-07-07 13:10:01 C:\WINDOWS\Tasks\At11.job
2007-05-15 13:10:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\sp2protect.exe
2007-06-09 13:17:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\username.exe
2007-07-07 13:17:01 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\expIorer.exe
2007-05-15 13:17:00 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\sp2protect.exe
2007-07-07 12:30:01 C:\WINDOWS\Tasks\At2.job
2007-05-15 12:30:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\sp2protect.exe
2007-06-09 12:38:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\username.exe
2007-07-07 12:38:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\expIorer.exe
2007-05-15 12:38:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\sp2protect.exe
2007-06-09 12:54:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\username.exe
2007-07-07 12:54:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\expIorer.exe
2007-05-15 12:54:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\sp2protect.exe
2007-07-25 07:47:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-06-25 07:47:04 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-06-25 08:17:14 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 14:49:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"}\1A?N?E?T?A?"="C:\Documents and Settings\\x017dANETA\Dokumenty"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Hints\}\1A]
@="pes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000022f

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 15:02:32
C:\ComboFix-quarantined-files.txt ... 2007-07-30 15:02

--- E O F ---

Request
Requested file archive from 2007-07-30 14:10:54
Created by Suspicious File Packer 0.2
Copyright © 2004-2005 Safer Networking Limited. All rights reserved.

Requests:
C:\WINDOWS\system32\expIorer.exe
C:\WINDOWS\system32\username.exe
C:\WINDOWS\system32\sp2protect.exe

Operations:


Post by fredik » 31 Jul 2007 00:17

Run the ComboFix procedure again, create a new CFScript and this time paste in the text marked in green.

Code:

File::
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Folder::
C:\DOCUME~1\LAURA\DATAAP~1\BitDownload
C:\DOCUME~1\NEPOR~1\DATAAP~1\BitDownload

FileLook::
C:\WINDOWS\system32\expIorer.exe
C:\WINDOWS\system32\username.exe
C:\WINDOWS\system32\sp2protect.exe

DirLook::
C:\DOCUME~1\ALLUSE~1\DATAAP~1\wma multi this chic
C:\DOCUME~1\ALLUSE~1\DATAAP~1\akcnicestinashw
C:\DOCUME~1\NEPOR~1\DATAAP~1\akcnicestinashw

After ComboFix finishes, paste the log it shows you here.


Post by gena17 » 31 Jul 2007 22:25

"Neçpor" - 2007-07-31 21:43:02 - ComboFix 07-07-04.4 - Service Pack 2
Command switches used :: C:\Documents and Settings\Ne?por\Plocha\CFScript.txt


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))


2007-07-29 21:15 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\Zoner
2007-07-29 21:14 <DIR> d-------- C:\Program Files\Zoner
2007-07-29 21:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-29 21:11 8,793,088 --a------ C:\Program Files\zme5_cz_classic_free.exe
2007-07-29 11:00 57,344 --a------ C:\WINDOWS\system32\VBA332ME.DLL
2007-07-29 11:00 1,439,744 --a------ C:\Program Files\wwsetup.exe
2007-07-29 11:00 <DIR> d-------- C:\Program Files\Wordware
2007-07-29 11:00 <DIR> d-------- C:\MSOffice
2007-07-29 11:00 <DIR> d-------- C:\Microsoft Office
2007-07-29 10:53 6,089,162 --a------ C:\Program Files\InstalFormix(2).exe
2007-07-29 10:39 139,264 --a------ C:\WINDOWS\system32\FODBCLib.dll
2007-07-29 10:38 6,089,162 --a------ C:\Program Files\InstalFormix.exe
2007-07-29 09:59 2,720,456 --a------ C:\Program Files\ccsetup141.exe
2007-07-25 21:02 14,269,818 --a------ C:\Program Files\WinCH2_setup.exe
2007-07-25 20:49 7,069,897 --a------ C:\Program Files\setup.exe
2007-07-25 19:23 <DIR> d-------- C:\Program Files\Rockstar Games
2007-07-25 18:28 644 --a------ C:\find.bat
2007-07-24 22:29 <DIR> d-------- C:\Program Files\GTA Vice City CZ
2007-07-23 22:19 77,312 --a------ C:\WINDOWS\ua2.dll
2007-07-22 17:42 <DIR> d-------- C:\DOCUME~1\LAURA\DATAAP~1\BitDownload
2007-07-17 19:14 <DIR> d-------- C:\Program Files\PopTray
2007-07-17 19:11 0 --a------ C:\WINDOWS\system32\w32apiw.dll
2007-07-17 19:11 <DIR> d-------- C:\Program Files\NKProds
2007-07-17 19:11 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\nCleaner
2007-07-17 18:57 <DIR> d-------- C:\Program Files\FireTune
2007-07-16 23:08 <DIR> d-------- C:\Program Files\Web Hottest Videos Personal Player
2007-07-16 22:48 <DIR> d-------- C:\Program Files\New Support Camp
2007-07-16 22:48 <DIR> d-------- C:\My Downloads
2007-07-16 22:48 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\New Support Camp
2007-07-16 22:48 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\BitDownload
2007-07-16 22:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\wma multi this chic
2007-07-12 19:14 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-07-12 18:44 <DIR> d-------- C:\Program Files\OO Software
2007-07-06 21:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATAAP~1\Talkback
2007-07-06 21:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATAAP~1\ICQ
2007-07-06 20:36 <DIR> d-------- C:\_work
2007-07-06 11:18 <DIR> d-------- C:\Program Files\Active Data Recovery Services
2007-07-05 23:35 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-05 23:30 7,438 --a------ C:\WINDOWS\system32\eInstall.dat
2007-07-05 23:27 <DIR> d-------- C:\PUB
2007-07-05 23:20 508,928 --a------ C:\WINDOWS\system32\eInstall.exe
2007-07-05 23:20 32,768 --a------ C:\WINDOWS\system32\esmxlog.dll
2007-07-05 23:20 138,000 --a------ C:\WINDOWS\system32\drivers\klif108.sys
2007-07-05 23:20 117,008 --a------ C:\WINDOWS\system32\drivers\klif50.sys
2007-07-05 23:20 <DIR> d-------- C:\WINDOWS\system32\ES_SETUP
2007-07-05 23:20 <DIR> d-------- C:\Program Files\eScan
2007-07-05 23:20 <DIR> d-------- C:\AVPDOS
2007-07-04 10:19 <DIR> d-------- C:\DOCUME~1\ANETA~1\DATAAP~1\ICQ Toolbar
2007-07-03 13:09 <DIR> d-------- C:\DOCUME~1\ANETA~1\DATAAP~1\ICQ
2007-07-02 20:01 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\OLYMPUS
2007-07-02 19:47 <DIR> d-------- C:\Binaries
2007-07-02 19:46 319,488 --------- C:\WINDOWS\system32\Pvmjpg21.dll
2007-07-02 19:46 <DIR> d-------- C:\Program Files\OLYMPUS
2007-07-02 19:45 86,016 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2007-07-02 19:45 57,344 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2007-07-02 19:45 32,256 --a------ C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2007-07-02 19:43 <DIR> d-------- C:\Program Files\PIXELA
2007-06-29 17:20 <DIR> d-------- C:\Program Files\DVDFab Platinum 3
2007-06-26 20:04 <DIR> d-------- C:\Program Files\STARWARS_TheBattleOfYavin_v11
2007-06-26 19:50 <DIR> d-------- C:\Program Files\GameTop.com
2007-06-26 19:44 <DIR> d-------- C:\PPK
2007-06-24 19:10 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1625.exe
2007-06-24 19:10 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-06-23 23:43 <DIR> d-------- C:\Program Files\CatchTheSperm2
2007-06-23 23:13 65,879 --a------ C:\WINDOWS\system32\3D LOTR EYE OF SAURON.scr
2007-06-23 23:13 <DIR> d-------- C:\Program Files\3D LOTR Eye of Sauron
2007-06-23 22:17 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-06-23 22:17 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-06-23 22:17 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-06-21 21:53 <DIR> d-------- C:\Program Files\Player Tool
2007-06-21 21:47 <DIR> d-------- C:\Program Files\Multi_Media
2007-06-21 21:23 <DIR> d-------- C:\Program Files\BitTorrent Fastest Tool
2007-06-21 20:52 <DIR> d-------- C:\Virtual
2007-06-21 20:45 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\ICQ Toolbar
2007-06-21 20:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\BufferZone
2007-06-21 20:44 <DIR> d-------- C:\Program Files\Secured_eMule
2007-06-21 20:44 <DIR> d-------- C:\Program Files\BufferZone
2007-06-21 20:43 <DIR> d-------- C:\Program Files\Secured eMule
2007-06-21 20:21 <DIR> d-------- C:\Program Files\eMule
2007-06-18 22:48 987,648 --a------ C:\WINDOWS\is-R0JOA.exe
2007-06-17 15:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\vsosdk
2007-06-17 14:06 <DIR> d-------- C:\DOCUME~1\NEPOR~1\DATAAP~1\Registry Cleaner
2007-06-17 14:05 <DIR> d-------- C:\Program Files\Registry Cleaner Trial
2007-06-15 22:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 22:28 170 --a------ C:\combo.vbs
2007-06-15 19:44 <DIR> d-------- C:\DOCUME~1\NEPOR~1\Crack
2007-06-15 18:16 <DIR> d-------- C:\Program Files\Gabest
2007-06-15 18:15 <DIR> d-------- C:\Program Files\GordianKnot
2007-06-10 22:10 640 --a------ C:\settings.dat
2007-06-10 18:17 <DIR> d-------- C:\Program Files\SensorsViewPro31
2007-06-10 17:57 5,248 --a------ C:\WINDOWS\system32\drivers\giveio.sys
2007-06-10 13:36 <DIR> d-------- C:\platodvdcopy
2007-06-10 11:15 <DIR> d-------- C:\DVDFab_Temp
2007-06-10 10:22 94,002 --a------ C:\WINDOWS\winsbak2.reg
2007-06-10 10:22 43,520 --a------ C:\WINDOWS\killproc.exe
2007-06-10 10:22 12,946 --a------ C:\WINDOWS\winsbak.reg
2007-06-10 10:22 <DIR> d-------- C:\Program Files\Common Files\MicroWorld
2007-06-10 10:22 <DIR> d-------- C:\DOCUME~1\REMOTE~1\ćablony
2007-06-10 10:22 <DIR> d-------- C:\DOCUME~1\REMOTE~1\Plocha
2007-06-10 10:22 <DIR> d-------- C:\DOCUME~1\REMOTE~1\Oblˇben‚ polo§ky


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 06:38:21 -------- d-----w C:\DOCUME~1\NEPOR~1\DATAAP~1\ConMet
2007-07-29 13:59:59 -------- d-----w C:\Program Files\Settings
2007-07-29 13:59:56 -------- d-----w C:\DOCUME~1\NEPOR~1\DATAAP~1\Skype
2007-07-26 18:53:49 -------- d-----w C:\Program Files\Lexmark 1200 Series
2007-07-26 18:32:11 -------- d-----w C:\DOCUME~1\NEPOR~1\DATAAP~1\OpenOffice.org2
2007-07-26 06:42:00 -------- d-----w C:\Program Files\AquaDigger
2007-07-25 19:23:49 -------- d-----w C:\Program Files\Scorpions WinCheater
2007-07-25 17:37:36 -------- d-----w C:\Program Files\GameSpy Arcade
2007-07-25 17:23:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-24 14:47:52 -------- d-----w C:\DOCUME~1\NEPOR~1\DATAAP~1\SUPERAntiSpyware.com
2007-07-24 14:47:48 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-07-22 08:08:36 -------- d-----w C:\Program Files\ConMet
2007-07-17 16:57:16 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-07-17 06:11:27 -------- d-----w C:\DOCUME~1\NEPOR~1\DATAAP~1\Vso
2007-07-17 02:25:22 -------- d-----w C:\Program Files\Downloads
2007-07-16 21:52:08 -------- d-----w C:\Program Files\EKucharka
2007-07-16 21:25:01 -------- d-----w C:\Program Files\temp
2007-07-11 08:12:02 76,426 ----a-w C:\WINDOWS\system32\perfc005.dat
2007-07-11 08:12:02 424,578 ----a-w C:\WINDOWS\system32\perfh005.dat
2007-07-06 10:15:18 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-07-05 18:02:24 -------- d-----w C:\Program Files\DVDFab Platinum
2007-06-25 08:46:35 -------- d-----w C:\Program Files\Uniblue
2007-06-25 08:14:46 -------- d-----w C:\DOCUME~1\NEPOR~1\DATAAP~1\Uniblue
2007-06-25 08:06:59 -------- d-----w C:\Program Files\AOL Security Toolbar
2007-06-24 14:15:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-23 20:17:46 -------- d-----w C:\Program Files\vso
2007-06-17 12:21:48 -------- d-----w C:\Program Files\T-Station Herny Klient
2007-06-15 16:16:18 -------- d-----w C:\Program Files\AviSynth 2.5
2007-06-13 16:59:21 -------- d-----w C:\Program Files\Soulseek
2007-06-04 19:51:49 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-04 18:08:42 -------- d-----w C:\Program Files\Dvd-cloner
2007-06-04 07:59:03 12,468 ----a-w C:\WINDOWS\mozver.dat
2007-06-02 16:58:12 -------- d-----w C:\DOCUME~1\NEPOR~1\DATAAP~1\uTorrent
2007-06-02 06:36:48 -------- d-----w C:\Program Files\IDOS
2007-06-02 06:23:48 4 ----a-w C:\WINDOWS\info147.sys
2007-05-31 22:04:29 -------- d-----w C:\Program Files\FileLists
2007-05-31 17:04:17 -------- d-----w C:\Program Files\Dial-Messenger
2007-05-30 07:47:27 -------- d-----w C:\Program Files\Vg
2007-05-29 20:59:58 -------- d-----w C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2007-05-16 15:18:40 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-07 20:33:17 68 ----a-w C:\WINDOWS\GPlrLanc.dat
2007-05-05 11:17:31 87,608 ----a-w C:\DOCUME~1\NEPOR~1\DATAAP~1\inst.exe
2007-05-05 11:17:31 47,360 ----a-w C:\DOCUME~1\NEPOR~1\DATAAP~1\pcouffin.sys
2007-05-01 07:26:04 516,096 ----a-w C:\WINDOWS\UN32.EXE
2003-08-16 18:56:00 579,584 -csha-r C:\WINDOWS\system32\cd.exe
2005-11-06 11:49:53 184,618 --sha-r C:\WINDOWS\system32\patcher.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2005-12-07 15:06 399424 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
2006-12-25 10:40 701952 --a------ C:\PROGRA~1\ICQTOO~1\toolbaru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-23 00:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 13:17 1326104 --a------ C:\Program Files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
2007-05-01 09:25 491520 --a------ C:\TRANSLAT\WEBIE.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
2006-07-09 22:06 278528 --a------ C:\Program Files\Desktop Sidebar\sbhelp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}]
2007-06-24 19:10 798720 --a------ C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2005-01-19 22:40]
"ConMet"="C:\Program Files\ConMet\ConMet.exe" [2007-04-15 10:39]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2006-01-25 11:21]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:19]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-03 22:54]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 21:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\Program Files\DVDIdle Pro\DVDShell.dll" [2004-10-09 15:18]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MSIServer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-06-09 13:10:00 C:\WINDOWS\tasks\At10.job
2007-07-07 13:10:01 C:\WINDOWS\tasks\At11.job
2007-05-15 13:10:00 C:\WINDOWS\tasks\At12.job
2007-06-09 13:17:00 C:\WINDOWS\tasks\At13.job
2007-07-07 13:17:01 C:\WINDOWS\tasks\At14.job
2007-05-15 13:17:00 C:\WINDOWS\tasks\At15.job
2007-07-07 12:30:01 C:\WINDOWS\tasks\At2.job
2007-05-15 12:30:00 C:\WINDOWS\tasks\At3.job
2007-06-09 12:38:00 C:\WINDOWS\tasks\At4.job
2007-07-07 12:38:00 C:\WINDOWS\tasks\At5.job
2007-05-15 12:38:00 C:\WINDOWS\tasks\At6.job
2007-06-09 12:54:00 C:\WINDOWS\tasks\At7.job
2007-07-07 12:54:00 C:\WINDOWS\tasks\At8.job
2007-05-15 12:54:00 C:\WINDOWS\tasks\At9.job
2007-07-25 07:47:00 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-25 07:47:04 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
2007-06-25 08:17:14 C:\WINDOWS\tasks\Uniblue SpyEraser.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 21:49:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-31 21:51:30
C:\ComboFix-quarantined-files.txt ... 2007-07-31 21:51
C:\ComboFix2.txt ... 2007-07-30 15:02

--- E O F ---

Please also tell me what I am actually doing here. Are these all junk? So my PC is infected? :oops:


Post by fredik » 03 Aug 2007 10:04

ComboFix should have deleted the specified files/folders and produced a listing of the specified folders.
Either you have a version of CF that has a bug in it (there was one recently, but it has already been fixed) or a small mistake crept in somewhere during the procedure.

You already have Avenger, so we will use it.

Run it under the administrator account.
Choose the option - Input script manually and click the magnifying-glass icon; an empty window pops up, into which you copy this bold text:
Files to delete:
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Folders to delete:
C:\Documents and Settings\LAURA\DATAAP~1\BitDownload
C:\Documents and Settings\Neçpor\DATAAP~1\BitDownload


Then click Done.
Then click the traffic-light icon.
A prompt will pop up; click Yes there. The PC will restart, and after the restart the Avenger report should "pop up", so copy it here.
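The thread above treats the At*.job entries and the three executables named in the Suspicious File Packer request as the items to remove. As an added example (not part of the original thread, ComboFix or Avenger), here is a small Python check that parses the "Scheduled Tasks" section of a ComboFix log and flags two things a defender would look for: jobs created by the at command (At<n>.job) and target binaries whose names imitate a well-known Windows executable through lookalike characters (expIorer.exe with a capital I versus explorer.exe). The sample lines are constructed from the log quoted earlier in the thread; the allowlist of system binaries and the confusable-character map are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines in the format of the ComboFix "Scheduled Tasks"
# section quoted in the thread (timestamps and paths taken from that log).
SAMPLE_TASKS = r"""
Contents of the 'Scheduled Tasks' folder
2007-06-09 13:10:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\username.exe
2007-07-07 13:10:01 C:\WINDOWS\Tasks\At11.job
2007-05-15 13:10:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\sp2protect.exe
2007-07-07 13:17:01 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\expIorer.exe
2007-07-25 07:47:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"""

# Assumed allowlist: a few legitimate Windows binaries whose names get imitated.
KNOWN_SYSTEM_BINARIES = {
    "explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "spoolsv.exe", "rundll32.exe", "ctfmon.exe", "wuauclt.exe",
}

# Characters that look alike in common UI fonts. Both the candidate name and the
# reference name are folded through this map, so a candidate is a lookalike when
# the folded forms agree although the real (lower-cased) names differ.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o", "5": "s"})

# "<timestamp> <job path>.job[ - <target executable>]"; the target is absent when
# ComboFix could not read the job, as for At11.job in the thread.
TASK_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<job>.+?\.job)(?: - (?P<target>.+))?$"
)
# At<n>.job files are the jobs the at command creates, not Task Scheduler UI tasks.
AT_JOB = re.compile(r"^At\d+\.job$", re.IGNORECASE)


@dataclass
class TaskFinding:
    job: str                       # full path of the .job file
    target: Optional[str]          # executable the task runs, if the log recorded one
    reasons: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def fold(name: str) -> str:
    return name.lower().translate(CONFUSABLES)


def lookalike_of(filename: str) -> Optional[str]:
    """Return the legitimate binary that `filename` imitates, or None."""
    lowered = filename.lower()
    if lowered in KNOWN_SYSTEM_BINARIES:
        return None                # the genuine name is not a lookalike of itself
    folded = fold(lowered)
    for known in KNOWN_SYSTEM_BINARIES:
        if fold(known) == folded:
            return known
    return None


def analyze_tasks(log_text: str) -> List[TaskFinding]:
    """Parse the 'Scheduled Tasks' section and return only the tasks worth a look."""
    findings: List[TaskFinding] = []
    for line in log_text.splitlines():
        m = TASK_LINE.match(line.strip())
        if not m:
            continue               # section header or unrelated line
        job, target = m.group("job"), m.group("target")
        reasons: List[str] = []
        if AT_JOB.match(basename(job)):
            reasons.append("at-job")
        if target:
            imitated = lookalike_of(basename(target))
            if imitated:
                reasons.append(f"lookalike of {imitated}")
        if reasons:
            findings.append(TaskFinding(job, target, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze_tasks(SAMPLE_TASKS):
        print(f"{basename(f.job):32} {f.target or '(no target recorded)'}  [{', '.join(f.reasons)}]")
```

On the sample, the four At-jobs are reported and At14.job additionally carries "lookalike of explorer.exe", while the Uniblue task is not flagged; the absent target on At11.job is handled as a job still worth reviewing, not as a parse error.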


Post by gena17 » 04 Aug 2007 10:16

And how do I get to the ADMIN account?
:oops:


Post by fredik » 04 Aug 2007 11:00

It is enough to run it under an account that is an administrator account. If the account you are on is not a limited-rights account, run it there.

