virus, please help
I tried that
I tried that, but even though I have such restore points there, it tells me it cannot restore to the previous state; it did the same thing yesterday too, until I removed those files, after which the restore worked.
contents of yesterday's ComboFix log
ComboFix 08-01-18.5 - Pali 2008-01-18 22:04:27.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.251 [GMT 1:00]
Running from: C:\Documents and Settings\Pali\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.
2008-01-18 21:59 . 2008-01-18 20:28 176,768 --a------ C:\FxBeagle.exe
2008-01-18 21:53 . 2008-01-18 21:02 2,733,928 --a------ C:\ccsetup204.exe
2008-01-18 21:53 . 2008-01-18 21:16 291,328 --a------ C:\OTMoveIt2.exe
2008-01-18 21:53 . 2008-01-18 21:17 288,654 --a------ C:\SafeBootKeyRepair.exe
2008-01-18 21:53 . 2008-01-18 20:48 77,824 --a------ C:\bdlaagui.com
2008-01-18 21:53 . 2008-01-18 21:07 61,440 --a------ C:\Antibaglej-en.exe
2008-01-18 21:53 . 2008-01-18 21:00 14,615 --a------ C:\T-Cleaner.bat
2008-01-18 21:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 20:20 . 2008-01-18 20:20 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-01-18 19:04 . 2008-01-18 19:05 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-18 18:19 . 2008-01-18 18:19 <DIR> d-------- C:\Program Files\XMLStomper
2008-01-18 18:19 . 2008-01-18 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Protexis
2008-01-18 17:01 . 2008-01-18 17:01 836 --a------ C:\WINDOWS\dreamcoder_mysql.INI
2008-01-18 16:58 . 2008-01-18 16:58 <DIR> d-------- C:\Program Files\Mentat Technologies
2008-01-16 21:42 . 2008-01-16 21:49 <DIR> d-------- C:\Program Files\Teroid Software
2008-01-16 21:30 . 2008-01-16 21:30 <DIR> d-------- C:\Documents and Settings\Pali\.sysdb20
2008-01-16 21:30 . 2008-01-16 21:35 <DIR> d-------- C:\Documents and Settings\Pali\.editix
2008-01-16 21:29 . 2008-01-16 21:29 <DIR> d-------- C:\Program Files\XML Notepad 2007
2008-01-16 21:29 . 2008-01-18 18:38 <DIR> d-------- C:\Program Files\RustemSoft
2008-01-16 21:29 . 2008-01-16 21:29 <DIR> d-------- C:\Program Files\editix
2008-01-16 21:19 . 2008-01-16 21:19 <DIR> d-------- C:\Program Files\XMLEditor
2008-01-16 20:07 . 2008-01-16 20:04 94,424 --a------ C:\metodicke_usmernenie[1].pdf
2008-01-15 17:51 . 2007-10-11 00:50 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-15 17:51 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-15 17:51 . 2007-07-01 04:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-15 17:51 . 2007-10-11 00:50 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-15 17:51 . 2007-10-11 00:50 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-15 17:51 . 2007-10-11 00:50 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-15 17:51 . 2007-10-11 00:50 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-15 17:51 . 2007-10-11 00:50 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-15 17:51 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-15 17:50 . 2008-01-15 17:52 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-01-15 17:37 . 2008-01-15 17:53 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-13 10:31 . 2008-01-13 10:31 750,080 --a------ C:\Rekzakona73a1998.doc
2008-01-08 16:03 . 2008-01-08 16:03 <DIR> d-------- C:\Program Files\DVDStyler
2008-01-08 16:03 . 2008-01-08 16:03 <DIR> d-------- C:\Documents and Settings\Pali\.thumb
2008-01-07 19:03 . 2008-01-07 19:03 <DIR> d-------- C:\Zaloha
2008-01-07 19:03 . 2008-01-07 19:03 <DIR> d-------- C:\V-SOFT Demo
2008-01-07 19:00 . 2008-01-07 19:05 <DIR> d-------- C:\Program Files\FirebirdSQL15
2008-01-07 19:00 . 2008-01-07 19:00 <DIR> d-------- C:\Program Files\EasyIS
2008-01-07 18:45 . 2008-01-07 18:45 <DIR> d-------- C:\Element
2008-01-06 15:50 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-06 15:49 . 2008-01-06 15:49 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-06 12:26 . 2008-01-06 12:26 <DIR> d-------- C:\Program Files\JanSoft
2008-01-05 20:37 . 2008-01-05 20:37 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2008-01-05 20:37 . 2008-01-05 20:37 <DIR> d-------- C:\Documents and Settings\Pali\Data aplikací\Auslogics
2008-01-05 13:19 . 2008-01-05 13:19 <DIR> d-------- C:\Program Files\humanIT
2008-01-03 20:13 . 2008-01-03 20:14 <DIR> d-------- C:\Program Files\Optimik
2008-01-02 20:22 . 2008-01-02 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-02 20:22 . 2008-01-02 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Anvsoft
2008-01-02 20:21 . 2008-01-02 20:22 <DIR> d-------- C:\Program Files\Photo DVD Maker Professional
2008-01-02 17:20 . 2008-01-02 19:33 <DIR> d-------- C:\Program Files\Photo Story 3 for Windows
2008-01-01 20:12 . 2008-01-01 20:19 <DIR> d-------- C:\Program Files\FTP Commander Deluxe
2008-01-01 19:23 . 2008-01-01 19:23 <DIR> d-------- C:\Program Files\WinSCP
2008-01-01 16:32 . 2008-01-01 16:32 <DIR> d-------- C:\Program Files\microsoft sql server
2007-12-29 08:58 . 2007-12-29 08:58 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2007-12-29 08:58 . 2007-12-29 08:58 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-29 08:58 . 2008-01-03 18:50 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-12-29 08:53 . 2008-01-05 21:31 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2007-12-29 08:52 . 2007-12-29 08:52 <DIR> d-------- C:\Program Files\Microsoft SDKs
2007-12-29 08:50 . 2007-12-29 08:50 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-29 08:50 . 2007-12-29 08:50 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-29 08:50 . 2007-12-29 08:50 <DIR> d-------- C:\Program Files\MSBuild
2007-12-29 08:48 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-28 21:24 . 2007-12-28 21:24 <DIR> d-------- C:\Program Files\Excel Compare
2007-12-27 18:26 . 2007-12-27 18:26 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2007-12-27 18:22 . 2007-12-27 18:22 <DIR> d-------- C:\Program Files\BurnAware Free Edition
2007-12-27 18:22 . 2007-12-27 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\{299A4764-43F6-4187-8CA5-672EB6C4D431}
2007-12-27 17:12 . 2007-12-27 17:12 <DIR> d-------- C:\Program Files\MSECache
2007-12-26 22:43 . 2007-12-26 22:49 212 --a------ C:\WINDOWS\CDPLAYER.UNI
2007-12-26 16:59 . 2007-12-30 14:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 16:59 . 2007-12-26 16:59 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-19 17:18 . 2008-01-01 19:03 <DIR> d-------- C:\Program Files\a-squared Free
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 18:36 --------- d-----w C:\Program Files\Arovax AntiSpyware
2008-01-16 20:04 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\Skype
2008-01-15 20:46 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\vmntoolbar
2008-01-13 11:15 --------- d-----w C:\Program Files\SokkerViewer
2008-01-12 11:22 --------- d-----w C:\Program Files\MZ Manager 2
2008-01-08 07:00 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-01-08 07:00 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-01-08 07:00 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-01-07 18:35 --------- d-----w C:\Program Files\ITStudio
2008-01-06 14:50 --------- d-----w C:\Program Files\Java
2008-01-05 21:26 --------- d-----w C:\Program Files\DupKiller
2008-01-05 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 20:23 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-01-03 18:59 --------- d-----w C:\Program Files\Avant Browser
2008-01-01 18:05 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\AVG7
2007-12-25 17:30 --------- d-----w C:\Program Files\Google
2007-12-25 16:12 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\Spamihilator
2007-12-22 11:46 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\QuickTime
2007-12-19 17:33 --------- d-----w C:\Program Files\ConnectionServices
2007-12-09 19:00 --------- d-----w C:\Program Files\Gham
2007-12-08 19:04 --------- d-----w C:\Program Files\CDBFW
2007-12-08 11:54 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\stickies
2007-12-08 11:51 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-12-08 11:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 11:09 --------- d-----w C:\Program Files\Premium Booster
2007-12-08 11:02 --------- d-----w C:\Program Files\Evrsoft First Page 2006
2007-12-08 10:41 --------- d-----w C:\Program Files\CoffeeCup Software
2007-12-08 10:39 --------- d-----w C:\Program Files\vmntoolbar
2007-12-08 10:18 --------- d-----w C:\Program Files\Trellian
2007-12-07 18:45 --------- d-----w C:\Program Files\Crossword Compiler 8
2007-12-07 17:37 --------- d-----w C:\Program Files\Crossword Compiler 81
2007-12-05 20:33 --------- d-----w C:\Program Files\UnderCoverXP
2007-12-04 19:30 --------- d-----w C:\Program Files\Spamihilator
2007-12-03 20:41 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\ICQ
2007-12-03 18:55 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\Thinstall
2007-12-02 16:36 --------- d-----w C:\Program Files\Hattrick Manager
2007-12-01 18:08 --------- d-----w C:\Program Files\Hattrick Forever
2007-11-30 22:04 --------- d-----w C:\Program Files\COMPARE IT!
2007-11-29 18:02 --------- d-----w C:\Program Files\Netscape
2007-11-29 17:57 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\Netscape
2007-11-28 21:50 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\Prism
2007-11-27 21:38 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\ICQ Toolbar
2007-11-27 21:04 --------- d-----w C:\Program Files\Opera 9.5 beta
2007-11-27 19:06 --------- d-----w C:\Program Files\ICQ6
2007-11-27 19:02 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\InstallShield
2007-11-27 17:35 --------- d-----w C:\Program Files\xBaseView
2007-11-27 17:27 --------- d-----w C:\Program Files\DBF Viewer 2000
2007-11-27 16:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Altova
2007-11-26 18:18 --------- d-----w C:\Program Files\Crossword Compiler 6
2007-11-24 19:36 --------- d-----w C:\Program Files\Peetee Software
2007-11-24 19:07 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\pokerth
2007-11-24 17:13 --------- d-----w C:\Program Files\HattrickPoli
2007-11-24 15:25 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\avg7
2007-11-24 09:47 --------- d-----w C:\Documents and Settings\Pali\Data aplikací\Nitro PDF
2007-11-23 18:21 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2007-11-23 17:15 --------- d-----w C:\Program Files\Foxit Software
2007-11-22 17:49 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-11-18 19:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-18 15:57 --------- d-----w C:\Program Files\stickies
2007-11-18 11:54 --------- d-----w C:\Program Files\TODO editor
2007-11-18 10:02 --------- d-----w C:\Program Files\Note-It
2007-11-18 09:57 --------- d-----w C:\Program Files\Fractalis Software
2007-11-18 09:55 --------- d-----w C:\Program Files\KirysTech2k
2007-11-16 20:16 72,704 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-11-10 19:38 417,792 ----a-w C:\Documents and Settings\Pali\GL4JavbJauGljJNI14.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 19:03 253,952 ------w C:\WINDOWS\Setup1.exe
2007-10-31 17:16 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-10-31 17:16 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-22 15:05 73,216 ------w C:\WINDOWS\ST6UNST.EXE
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-08-05 17:39 397,312 ----a-w C:\Documents and Settings\Pali\jogl.dll
2007-06-05 16:05 11,482 ----a-w C:\Documents and Settings\Pali\ntuserdirect.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D940EED-467E-4732-96B3-8BAF0D5AFDFF}]
2006-10-18 11:00 114688 --a------ C:\Program Files\PC Messenger\PCMessengerBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9D940EED-467E-4732-96B3-8BAF0D5AFDFF}
{755F5DB1-A38D-476F-A4EB-4F7FA1DBB5CE}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{D2BF470E-ED1C-487F-A333-2BD8835EB6CE}
{D2BF470E-ED1C-487F-A666-2BD8835EB6CE}
[HKEY_CLASSES_ROOT\clsid\{9d940eed-467e-4732-96b3-8baf0d5afdff}]
[HKEY_CLASSES_ROOT\EtSmsDaBar.EtSmsBarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{BD041637-9EC8-4B47-97DD-084A4BD4B077}]
[HKEY_CLASSES_ROOT\EtSmsDaBar.EtSmsBarBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-18 21:40 579072]
"SoundMan"="SOUNDMAN.EXE" [2002-08-02 12:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-16 19:57 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-18 21:27 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= D:\Programy\Portable\PORTAB~1.9\DVDShell.dll [2004-10-10 00:18 49152]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AirLive Turbo-G Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\AirLive Turbo-G Wireless Utility.lnk
backup=C:\WINDOWS\pss\AirLive Turbo-G Wireless Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-01-16 19:57 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 00:07]
R2 extradrv;Extra Driver;C:\WINDOWS\system32\DRIVERS\extradrv.sys [2005-11-05 12:44]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\FirebirdSQL15\bin\fbguard.exe [2007-01-31 01:05]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\FirebirdSQL15\bin\fbserver.exe [2007-01-31 01:05]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 RadPciNT;RadPciNT;C:\WINDOWS\System32\Drivers\RadPciNT.sys [2000-04-24 17:26]
S2 ramdrive;RAM Driver;C:\WINDOWS\system32\DRIVERS\ramdrive.sys [2005-11-05 12:44]
S2 XAMPP;XAMPP Service;C:\xampp\service.exe [2006-10-23 14:24]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\INSTALL.EXE
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 22:08:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 22:09:17
ComboFix-quarantined-files.txt 2008-01-18 21:09:02
ComboFix2.txt 2008-01-18 20:46:34
.
2008-01-16 16:03:39 --- E O F ---
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 00:07]
R2 extradrv;Extra Driver;C:\WINDOWS\system32\DRIVERS\extradrv.sys [2005-11-05 12:44]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\FirebirdSQL15\bin\fbguard.exe [2007-01-31 01:05]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\FirebirdSQL15\bin\fbserver.exe [2007-01-31 01:05]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 RadPciNT;RadPciNT;C:\WINDOWS\System32\Drivers\RadPciNT.sys [2000-04-24 17:26]
S2 ramdrive;RAM Driver;C:\WINDOWS\system32\DRIVERS\ramdrive.sys [2005-11-05 12:44]
S2 XAMPP;XAMPP Service;C:\xampp\service.exe [2006-10-23 14:24]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\INSTALL.EXE
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 22:08:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 22:09:17
ComboFix-quarantined-files.txt 2008-01-18 21:09:02
ComboFix2.txt 2008-01-18 20:46:34
.
2008-01-16 16:03:39 --- E O F ---
Have these tested at http://www.virustotal.com:
C:\WINDOWS\system32\DRIVERS\ramdrive.sys
C:\WINDOWS\zipinst.exe
C:\WINDOWS\System32\Drivers\RadPciNT.sys
C:\WINDOWS\system32\DRIVERS\extradrv.sys
C:\WINDOWS\system32\drivers\BsStor.sys
+
Move ComboFix to the desktop (if it isn't there already) - open Notepad - copy the text from the following box into it:
File::
C:\WINDOWS\iun6002.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="-
Save the text as CFScript.txt on the desktop - once it is saved, grab the .txt file you created with the left mouse button and drag it over the ComboFix icon - drop the .txt file on the ComboFix icon - ComboFix will start (you may have to confirm the licence terms again by pressing 1 and Enter) and will scan again; at the end of the scan it will try to delete the files we specified - when the action is done, a Notepad window with text will appear again; copy that text here
If you haven't done the procedure with dragging onto the ComboFix icon yet, we'll change the script a little.
It will contain this; otherwise everything is the same:
Move ComboFix to the desktop (if it isn't there already) - open Notepad - copy the text from the following box into it:
File::
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="-
Save the text as CFScript.txt on the desktop - once it is saved, grab the .txt file you created with the left mouse button and drag it over the ComboFix icon - drop the .txt file on the ComboFix icon - ComboFix will start (you may have to confirm the licence terms again by pressing 1 and Enter) and will scan again; at the end of the scan it will try to delete the files we specified - when the action is done, a Notepad window with text will appear again; copy that text here
EDIT: How did the files I listed come out on VirusTotal?
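The CFScript procedure the helper describes, illustrated with an added example that is not part of this thread and not a ComboFix feature: a small Python script that parses the Run entries from the "Reg Loading Points" section of the log above, flags the value whose trailing brackets are empty (ComboFix recorded no date or size for the referenced file; in this log that is the "german.exe" -> wintems.exe value the helper's script deletes), and renders a File::/Registry:: script in the layout the helper posted. The sample lines are copied from the log; the registry deletion is written in the REGEDIT4 `"name"=-` form, which is assumed here to be what the post's `"german.exe"="-` line intends.

```python
"""Parse Run entries from a ComboFix "Reg Loading Points" section and emit a
CFScript in the File::/Registry:: layout used in the thread.

Added helper script for this thread; it is not part of ComboFix.
"""
import re

# Constructed sample: Run-key lines copied from the ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-18 21:40 579072]
"SoundMan"="SOUNDMAN.EXE" [2002-08-02 12:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
"""

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
# "name"=data [meta]; the bracketed meta is optional because disabled 'run-'
# entries in the log carry none.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')


def parse_run_entries(log_text):
    """Return one dict per value line: key, name, data, meta.

    meta is the stripped text ComboFix printed inside [...]: date, time and
    size of the referenced file; "" when the brackets were empty; None when
    the line had no brackets at all.
    """
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            meta = m.group("meta")
            entries.append({
                "key": current_key,
                "name": m.group("name"),
                "data": m.group("data").strip().strip('"'),
                "meta": meta.strip() if meta is not None else None,
            })
    return entries


def entries_without_file(entries):
    """Run values whose brackets are empty: ComboFix stamped no file data.

    A triage hint for a reviewer, not a verdict on the entry.
    """
    return [e for e in entries if e["meta"] == ""]


def build_cfscript(files, registry_deletions):
    """Render CFScript text in the layout the helper posted.

    files: full paths for the File:: section.
    registry_deletions: {registry key: [value names]}; each value is written
    as "name"=- (REGEDIT4 delete-value syntax; assumption, see lead-in).
    """
    out = ["File::", *files]
    if registry_deletions:
        out.append("")
        out.append("Registry::")
        for key, names in registry_deletions.items():
            out.append(f"[{key}]")
            out.extend(f'"{name}"=-' for name in names)
    return "\n".join(out) + "\n"


def main():
    entries = parse_run_entries(SAMPLE_LOG)
    suspects = entries_without_file(entries)
    for e in suspects:
        print(f'no file stamp: [{e["key"]}] "{e["name"]}" -> {e["data"]}')
    # Group flagged values by their key, then add the thread's own File:: targets.
    deletions = {}
    for e in suspects:
        deletions.setdefault(e["key"], []).append(e["name"])
    script = build_cfscript(
        [r"C:\WINDOWS\iun6002.exe", r"C:\WINDOWS\system32\drivers\hldrrr.exe"],
        deletions,
    )
    print(script)


if __name__ == "__main__":
    main()
```

Running it prints the flagged wintems.exe entry and a CFScript equivalent to the one in the post above; the generated text is meant to be reviewed, saved as CFScript.txt and dropped on the ComboFix icon exactly as the helper describes.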
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
RE:
Paul isn't here yet, but he'll advise you. I can recommend, if you have the ULTIMATE BOOT DISK, setting boot from CD in the BIOS, inserting the disk and running the antiviruses (there are two and they work without booting Windows). It may not help, but it's worth a try.
When working with HJT, ComboFix, MbAM, SDFix and the like, close all other applications and browsers!
Don't send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support