Virus!
Hi, recently an ad for superspnzor.cz popped up on me, so please take a look at the log.
Logfile of HijackThis v1.99.1
Scan saved at 18:07:23, on 11.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
E:\QIP Infium\infium.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Valve\Steam\Steam.exe
E:\mozzila 3\firefox.exe
C:\Documents and Settings\máca\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Rapget - C:\DOCUME~1\MCA~1\LOCALS~1\Temp\Rar$EX00.484\rapget.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E4ECB10-E0E8-4401-917C-4B4145F4D61C}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E4ECB10-E0E8-4401-917C-4B4145F4D61C}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E4ECB10-E0E8-4401-917C-4B4145F4D61C}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E4ECB10-E0E8-4401-917C-4B4145F4D61C}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS4\Services\Tcpip\..\{0E4ECB10-E0E8-4401-917C-4B4145F4D61C}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS5\Services\Tcpip\..\{0E4ECB10-E0E8-4401-917C-4B4145F4D61C}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS6\Services\Tcpip\..\{0E4ECB10-E0E8-4401-917C-4B4145F4D61C}: NameServer = 213.46.172.36,213.46.172.37
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\swdsvc.exe
Last edited by SptF^ on Sun Mar 23, 2008 16:41, edited 1 time in total.
Rig: AMD Athlon64 X2 4200+ @5000+ , A-Data DIMM 2048MB DDR II 800MHz Extreme Edition, Sapphire ATI Radeon X1950XT 256mb+AC S1, Seasonic S12 430W, Gigabyte M55S-S3, Seagate Barracuda 160GB
Re: Virus?
OK, thanks for the help ;)
Re: Virus?
Hello, now I definitely have the virus there: NOD32 catches it every time and throws it into quarantine, but it does this on every restart. Here is the log; the problem is highlighted in red.
Logfile of HijackThis v1.99.1
Scan saved at 15:32:35, on 23.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
D:\QIP Infium\infium.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Shared\NL3\NeroPatentActivation.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\máca.DOMA\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [{24-49-9C-C7-DW}] C:\windows\system32\jpwnw64o.exe DWoli5
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcntqkwd.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64o.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3533190468
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
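The entries that matter in the second log above are the two O4 lines pointing at randomly named executables in system32 (jpwnw64o.exe, pcntqkwd.exe) and the Startup-folder shortcuts Deewoo.lnk and DW_Start.lnk that relaunch them, which is why NOD32 keeps catching the same thing after every reboot. The script below is an added example, not a tool anyone in this thread used: it parses HijackThis O4/O8 lines and flags the ones that deserve a closer look. The heuristics (machine-generated file names dropped straight into the Windows directory, targets under Temp, brace-wrapped Run value names, Startup shortcuts into system32, and one binary registered by several autostart entries at once) are this example's own assumptions, and the sample input is a subset of lines copied from the posted log.

```python
"""Heuristic triage of HijackThis O4/O8 autostart lines.

Added example for this thread, not something the posters ran. The heuristics
below are this example's assumptions about what separates the Deewoo/DW_Start
entries from the legitimate autostarts; they produce false positives on some
oddly named vendor binaries and are meant to prioritise review, not to decide.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: a subset of O4/O8 lines copied from the second HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [{24-49-9C-C7-DW}] C:\windows\system32\jpwnw64o.exe DWoli5
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcntqkwd.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64o.exe
O8 - Extra context menu item: Download with Rapget - C:\DOCUME~1\MCA~1\LOCALS~1\Temp\Rar$EX00.484\rapget.htm
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")
CTXMENU_RE = re.compile(r"^O8 - Extra context menu item: (?P<name>.+?) - (?P<cmd>.*)$")
# Matches a file sitting directly in \Windows\ or \Windows\system32\ (lower-cased path).
SYSDIR_RE = re.compile(r"\\windows\\(?:system32\\)?[^\\]+$")
VOWELS = set("aeiouy")


def target_path(cmd: str) -> str:
    """Extract the executable path from a Run-key command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def looks_generated(basename: str) -> bool:
    """True for file stems that read like random tokens rather than product names."""
    stem = basename.rsplit(".", 1)[0].lower()
    if len(stem) < 8:
        return False
    letters = [c for c in stem if c.isalpha()]
    # Digits sandwiched between letters, e.g. jpwnw64o (also trips on nod32kui; see triage()).
    if re.search(r"[a-z]\d+[a-z]", stem):
        return True
    # Eight or more consonants with no vowel at all, e.g. pcntqkwd.
    return len(letters) >= 8 and not any(c in VOWELS for c in letters)


def parse_autostarts(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (line, kind, name, target) for every O4/O8 line the regexes recognise."""
    entries = []
    for line in log_text.splitlines():
        for kind, rx in (("run", RUN_RE), ("startup", STARTUP_RE), ("ctxmenu", CTXMENU_RE)):
            m = rx.match(line)
            if m:
                entries.append((line, kind, m["name"], target_path(m["cmd"])))
                break
    return entries


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious log line to the list of reasons it was flagged."""
    entries = parse_autostarts(log_text)
    # How many autostart entries reference the same binary (case-insensitive path).
    refs = Counter(target.lower() for _, _, _, target in entries)
    findings: Dict[str, List[str]] = {}
    for line, kind, name, target in entries:
        low = target.lower()
        in_sysdir = bool(SYSDIR_RE.search(low))
        reasons = []
        # The name heuristic is only applied inside the Windows directory, so a vendor
        # binary under Program Files (nod32kui.exe) is not flagged on its name alone.
        if in_sysdir and looks_generated(low.rsplit("\\", 1)[-1]):
            reasons.append("random-looking file name dropped straight into the Windows/system32 directory")
        if "\\temp\\" in low:
            reasons.append("target lives under a Temp directory")
        if kind == "run" and name.startswith("{") and name.endswith("}"):
            reasons.append("Run value named with a brace-wrapped token instead of a product name")
        if kind == "startup" and in_sysdir:
            reasons.append("Startup-folder shortcut points into system32 rather than Program Files")
        if refs[low] > 1:
            reasons.append(f"same binary registered by {refs[low]} separate autostart entries")
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG).items():
        print(flagged_line)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, the two Startup shortcuts and the `{24-49-9C-C7-DW}` Run value come out on top, with the jpwnw64o.exe lines carrying the extra "registered twice" reason; the Rapget context-menu entry is flagged only for living in Temp, and the Realtek, ATI, ESET and ctfmon entries are left alone.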
Re: Virus!
Download ComboFix and save it, preferably to the desktop.
Then run the application under an account with administrator privileges.
Right after it starts, a screen with the licence terms is shown; continue by clicking the OK button:
Feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide undesirably with the antispyware's resident component.
After the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here.
Re: Virus!
ComboFix 08-03-22.3 - máca 2008-03-23 17:31:18.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1421 [GMT 1:00]
Running from: C:\Documents and Settings\máca.DOMA\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
VFind -td "C:\WINDOWS\system32\baiso*"
CF29804.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\*
CF29804.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF29804.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF29804.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF29804.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\kikina\Nabídka Start\Programy\Po spuštění\Deewoo.lnk
C:\Documents and Settings\kikina\Nabídka Start\Programy\Po spuštění\DW_Start.lnk
C:\Documents and Settings\máca.DOMA\Nabídka Start\Programy\Po spuštění\Deewoo.lnk
C:\Documents and Settings\máca.DOMA\Nabídka Start\Programy\Po spuštění\DW_Start.lnk
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.
2008-03-23 16:00 . 2008-03-23 16:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2008-03-23 16:00 . 2003-03-19 14:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 16:00 . 2003-03-19 11:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 09:04 . 2008-03-23 09:03 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-23 09:04 . 2008-03-23 09:03 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-23 09:04 . 2008-03-23 09:03 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-21 23:19 . 2008-03-23 16:55 0 --a------ C:\WINDOWS\XXLGSC
2008-03-21 23:09 . 2008-03-21 23:09 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-21 23:09 . 2008-03-21 23:09 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-21 23:09 . 2008-03-21 23:09 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-21 23:09 . 2008-03-21 23:09 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-21 23:09 . 2008-03-21 23:09 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-21 23:09 . 2008-03-21 23:09 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-21 23:08 . 2008-03-22 12:24 <DIR> d-------- C:\TRANSLAT
2008-03-21 23:08 . 2008-03-21 23:08 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-21 23:08 . 2008-03-23 16:55 4,479 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-21 23:08 . 2008-03-21 23:08 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-21 23:08 . 2008-03-21 23:09 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-21 23:08 . 2008-03-23 17:29 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-21 23:08 . 2008-03-21 23:08 1,581 --a------ C:\WINDOWS\WDICT32.INI
2008-03-16 16:23 . 2008-03-16 16:23 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-16 15:09 . 2008-03-16 15:09 <DIR> d-------- C:\Program Files\Blender Foundation
2008-03-15 14:28 . 2008-03-15 14:28 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 09:50 . 2008-03-15 09:50 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-14 23:35 . 2008-03-14 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-14 23:24 . 2008-03-14 23:24 49,156 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-14 06:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-13 16:52 . 2008-03-13 16:52 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\InstallShield
2008-03-12 22:51 . 2008-03-12 22:51 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-10 17:04 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-09 09:21 . 2008-03-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2008-03-07 18:15 . 2008-03-07 18:15 <DIR> d-------- C:\Program Files\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-07 17:58 . 2008-03-07 17:58 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-04 06:40 . 2008-03-04 06:40 <DIR> d--hs---- C:\found.006
2008-03-03 18:03 . 2008-03-23 09:08 120,038 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-03 16:07 . 2008-03-03 16:07 <DIR> d-------- C:\Program Files\OO Software
2008-03-02 15:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-01 15:50 . 2008-03-01 15:50 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 08:21 . 2008-02-28 08:21 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-26 19:48 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-26 19:47 . 2008-02-26 19:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-26 19:45 . 2008-02-26 19:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-26 19:44 . 2008-02-26 19:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 19:43 . 2008-02-26 19:43 <DIR> dr-h----- C:\MSOCache
2008-02-26 19:43 . 2008-03-12 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:38 . 2008-02-26 19:38 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-26 16:41 . 2008-02-26 16:41 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\Media Player Classic
2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe
2008-02-23 20:15 . 2008-02-23 20:15 <DIR> d-------- C:\Documents and Settings\máca.DOMA\kbpki
2008-02-23 16:10 . 2008-02-23 16:10 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 09:09 . 2008-03-12 22:51 737,280 --a------ C:\WINDOWS\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 16:12 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-23 08:09 --------- d-----w C:\Program Files\ESET
2008-03-21 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 22:35 --------- d-----w C:\Program Files\Nero
2008-03-14 22:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2008-03-14 22:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-14 22:22 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-09 08:18 --------- d-----w C:\Program Files\ATI Technologies
2008-03-04 06:08 --------- d-----w C:\Program Files\ICQ6
2008-02-26 18:47 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 12:31 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 20:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 05:13 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\DivX
2008-02-22 05:12 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\Nero
2008-02-21 19:56 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 05:35 --------- d-----w C:\Program Files\Java
2008-02-20 20:27 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ATI
2008-02-20 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2008-02-20 17:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 16:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 14:51 558,142 ----a-w C:\WINDOWS\java\Packages\LNP3RNT7.ZIP
2008-02-20 14:51 155,995 ----a-w C:\WINDOWS\java\Packages\OELNZB5B.ZIP
2008-02-19 20:10 --------- d-----w C:\Documents and Settings\máca\Data aplikací\OpenOffice.org2
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-17 06:58 --------- d-----w C:\Documents and Settings\kiki\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-16 21:51 --------- d-----w C:\Program Files\AMD
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\ICQLite
2008-02-14 07:56 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\OpenOffice.org2
2008-02-13 14:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-13 14:13 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-10 21:29 --------- d-----w C:\Documents and Settings\máca\Data aplikací\MegauploadToolbar
2008-02-08 23:48 --------- d-----w C:\Program Files\HLSW
2008-02-05 10:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 17:09 --------- d-----w C:\Program Files\HDD Regenerator
2008-02-02 17:44 --------- d-----w C:\Program Files\DivX
2008-02-02 12:43 --------- d-----w C:\Program Files\ZZZZZZZZZZZZZZZ
2008-01-30 08:18 --------- d-----w C:\Program Files\ICQLite
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-15 18:30 22,328 ----a-w C:\Documents and Settings\máca\Data aplikací\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-21 23:09 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"{24-49-9C-C7-DW}"="C:\windows\system32\jpwnw64o.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-23 09:03 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\mamka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-04 23:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 17:36:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-03-23 17:38:23
ComboFix-quarantined-files.txt 2008-03-23 16:37:19
.
2008-03-18 05:21:42 --- E O F ---
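Added example, not part of the post above and not ComboFix code: a small Python (3.8+) triage script for a log like this one. It reads the "Files Created" listing and the Run keys under "Reg Loading Points" and flags autostart entries a helper would check first: an entry whose bracket is empty, "[ ]", meaning ComboFix recorded no timestamp or size because it found no file at that path at scan time; an entry whose target sits directly in C:\WINDOWS or system32 and also appears in the Files Created window; and an entry whose value name is not a plain identifier. The folder list, the name pattern and the reason strings are this example's own assumptions, and the sample lines are copied from the log above; a flag means "look at this by hand", not "malicious".

```python
"""Triage heuristics for a ComboFix-style log (added example; not code from the
forum post, from ComboFix or from its authors).  Reads the "Files Created"
section and the Run keys under "Reg Loading Points" and flags autostart entries
worth a manual look; the heuristics are this example's own assumptions."""
import re
from dataclasses import dataclass, field

# "2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+|<DIR>) \S+ (?P<path>.+)$")
# '"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-21 23:09 26624]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# Assumption: a freshly created autostart binary in these folders gets flagged.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
PLAIN_NAME_RE = re.compile(r"^[A-Za-z0-9_.\- ]+$")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def split_sections(text):
    """Collect the lines of the two sections we need, keyed by their banner."""
    sections, current = {"created": [], "reg": []}, None
    for line in text.splitlines():
        if "Files Created from" in line:
            current = "created"
        elif "Reg Loading Points" in line:
            current = "reg"
        elif line.startswith("(((("):
            current = None          # any other banner ends the section
        elif current:
            sections[current].append(line.rstrip())
    return sections


def parse_created(lines):
    """Map lower-cased file path -> creation timestamp (directories skipped)."""
    created = {}
    for m in filter(None, map(CREATED_RE.match, lines)):
        if m.group("size") != "<DIR>":
            created[m.group("path").lower()] = m.group("created")
    return created


def parse_run_entries(lines):
    """Yield (hive key, value name, resolved path, bracket text) per Run value."""
    key = "?"
    for line in lines:
        if k := KEY_RE.match(line):
            key = k.group(1)
            continue
        if not (m := RUN_RE.match(line)):
            continue
        meta = m.group("meta").strip()
        # For a bare value such as "SkyTel.EXE" ComboFix appends the resolved
        # path inside the brackets; prefer that over the registry value.
        tokens = meta.split()
        idx = next((i for i, t in enumerate(tokens) if "\\" in t), None)
        path = " ".join(tokens[idx:]) if idx is not None else m.group("target")
        yield key, m.group("name"), path, meta


def triage(text):
    """Return the Run entries that trip at least one heuristic."""
    sections = split_sections(text)
    created = parse_created(sections["created"])
    findings = []
    for key, name, path, meta in parse_run_entries(sections["reg"]):
        f = Finding(key, name, path)
        low = path.lower()
        if not meta:
            # "[ ]": no timestamp or size recorded, so nothing was found at
            # that path at scan time (already removed, or hidden).
            f.reasons.append("target file not found at scan time")
        if low.rsplit("\\", 1)[0] in SYSTEM_DIRS and low in created:
            f.reasons.append(f"new binary in system folder (created {created[low]})")
        if not PLAIN_NAME_RE.match(name):
            f.reasons.append("value name is not a plain identifier")
        if f.reasons:
            findings.append(f)
    return findings


# Constructed sample: lines copied from the log above, trimmed to what is read.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-21 23:08 . 2008-03-22 12:24 <DIR> d-------- C:\TRANSLAT
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-21 23:09 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"{24-49-9C-C7-DW}"="C:\windows\system32\jpwnw64o.exe" [ ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-23 09:03 949376]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.name, "->", f.path, "|", "; ".join(f.reasons))
```

Run as-is it prints two entries from the sample: OEXPRESS, because C:\WINDOWS\OETRN.EXE was created inside the scan window, and {24-49-9C-C7-DW}, because its file was not found and the value name is a GUID-like string. CTFMON.EXE, SkyTel and nod32kui pass all three checks. To use it on a full log, replace SAMPLE_LOG with the file contents; the extra sections ("Find3M Report", "Other Deletions") are skipped because any other banner line resets the section tracker.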
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-23 09:03 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\mamka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-04 23:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 17:36:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-03-23 17:38:23
ComboFix-quarantined-files.txt 2008-03-23 16:37:19
.
2008-03-18 05:21:42 --- E O F ---
Rig: AMD Athlon64 X2 4200+ @5000+ , A-Data DIMM 2048MB DDR II 800MHz Extreme Edition, Sapphire ATI Radeon X1950XT 256mb+AC S1, Seasonic S12 430W, Gigabyte M55S-S3, Seagate Barracuda 160GB
Re: Vir!
If you have not already done so, move ComboFix to the desktop.
Open Notepad.
Copy the script from the following window into it:
Code:
File::
C:\WINDOWS\system32\rwwnw64d.exe
Save the text file you created as CFScript.txt on the desktop.
After saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, then drop it there:
After it runs, another log should pop up; paste it here.
Re: Vir!
ComboFix 08-03-22.3 - máca 2008-03-23 19:39:55.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1221 [GMT 1:00]
Running from: C:\Documents and Settings\máca.DOMA\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\máca.DOMA\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.
2008-03-23 16:00 . 2008-03-23 17:43 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2008-03-23 16:00 . 2003-03-19 14:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 16:00 . 2003-03-19 11:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 09:04 . 2008-03-23 09:03 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-23 09:04 . 2008-03-23 09:03 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-23 09:04 . 2008-03-23 09:03 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-21 23:19 . 2008-03-23 16:55 0 --a------ C:\WINDOWS\XXLGSC
2008-03-21 23:09 . 2008-03-21 23:09 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-21 23:09 . 2008-03-21 23:09 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-21 23:09 . 2008-03-21 23:09 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-21 23:09 . 2008-03-21 23:09 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-21 23:09 . 2008-03-21 23:09 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-21 23:09 . 2008-03-21 23:09 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-21 23:08 . 2008-03-22 12:24 <DIR> d-------- C:\TRANSLAT
2008-03-21 23:08 . 2008-03-21 23:08 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-21 23:08 . 2008-03-23 16:55 4,479 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-21 23:08 . 2008-03-21 23:08 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-21 23:08 . 2008-03-21 23:09 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-21 23:08 . 2008-03-23 19:13 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-21 23:08 . 2008-03-21 23:08 1,581 --a------ C:\WINDOWS\WDICT32.INI
2008-03-16 16:23 . 2008-03-16 16:23 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-16 15:09 . 2008-03-16 15:09 <DIR> d-------- C:\Program Files\Blender Foundation
2008-03-15 14:28 . 2008-03-15 14:28 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 09:50 . 2008-03-15 09:50 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-14 23:35 . 2008-03-14 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-14 23:24 . 2008-03-14 23:24 49,156 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-14 06:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-13 16:52 . 2008-03-13 16:52 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\InstallShield
2008-03-12 22:51 . 2008-03-12 22:51 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-10 17:04 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-09 09:21 . 2008-03-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2008-03-07 18:15 . 2008-03-07 18:15 <DIR> d-------- C:\Program Files\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-07 17:58 . 2008-03-07 17:58 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-04 06:40 . 2008-03-04 06:40 <DIR> d--hs---- C:\found.006
2008-03-03 18:03 . 2008-03-23 09:08 120,038 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-03 16:07 . 2008-03-03 16:07 <DIR> d-------- C:\Program Files\OO Software
2008-03-02 15:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-01 15:50 . 2008-03-01 15:50 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 08:21 . 2008-02-28 08:21 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-26 19:48 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-26 19:47 . 2008-02-26 19:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-26 19:45 . 2008-02-26 19:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-26 19:44 . 2008-02-26 19:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 19:43 . 2008-02-26 19:43 <DIR> dr-h----- C:\MSOCache
2008-02-26 19:43 . 2008-03-12 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:38 . 2008-02-26 19:38 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-26 16:41 . 2008-02-26 16:41 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\Media Player Classic
2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe
2008-02-23 20:15 . 2008-02-23 20:15 <DIR> d-------- C:\Documents and Settings\máca.DOMA\kbpki
2008-02-23 20:15 . 2008-02-23 20:15 <DIR> d-------- C:\Documents and Settings\máca.DOMA\kbpki
2008-02-23 16:10 . 2008-02-23 16:10 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 09:09 . 2008-03-12 22:51 737,280 --a------ C:\WINDOWS\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 17:49 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-23 08:09 --------- d-----w C:\Program Files\ESET
2008-03-21 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 22:35 --------- d-----w C:\Program Files\Nero
2008-03-14 22:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2008-03-14 22:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-14 22:22 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-09 08:18 --------- d-----w C:\Program Files\ATI Technologies
2008-03-04 06:08 --------- d-----w C:\Program Files\ICQ6
2008-02-26 18:47 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 12:31 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 20:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 05:13 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\DivX
2008-02-22 05:12 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\Nero
2008-02-21 19:56 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 05:35 --------- d-----w C:\Program Files\Java
2008-02-20 20:27 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ATI
2008-02-20 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2008-02-20 17:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 16:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 14:51 558,142 ----a-w C:\WINDOWS\java\Packages\LNP3RNT7.ZIP
2008-02-20 14:51 155,995 ----a-w C:\WINDOWS\java\Packages\OELNZB5B.ZIP
2008-02-19 20:10 --------- d-----w C:\Documents and Settings\máca\Data aplikací\OpenOffice.org2
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-17 06:58 --------- d-----w C:\Documents and Settings\kiki\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-16 21:51 --------- d-----w C:\Program Files\AMD
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\ICQLite
2008-02-14 07:56 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\OpenOffice.org2
2008-02-13 14:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-13 14:13 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-10 21:29 --------- d-----w C:\Documents and Settings\máca\Data aplikací\MegauploadToolbar
2008-02-08 23:48 --------- d-----w C:\Program Files\HLSW
2008-02-05 10:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 17:09 --------- d-----w C:\Program Files\HDD Regenerator
2008-02-02 17:44 --------- d-----w C:\Program Files\DivX
2008-02-02 12:43 --------- d-----w C:\Program Files\ZZZZZZZZZZZZZZZ
2008-01-30 08:18 --------- d-----w C:\Program Files\ICQLite
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-15 18:30 22,328 ----a-w C:\Documents and Settings\máca\Data aplikací\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-21 23:09 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-23 09:03 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\mamka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
Stop Pending3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 19:40:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TrnOEH.dll
.
Completion time: 2008-03-23 19:41:15
ComboFix-quarantined-files.txt 2008-03-23 18:40:48
ComboFix2.txt 2008-03-23 16:38:24
.
2008-03-18 05:21:42 --- E O F ---
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 12:31 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 20:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 05:13 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\DivX
2008-02-22 05:12 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\Nero
2008-02-21 19:56 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 05:35 --------- d-----w C:\Program Files\Java
2008-02-20 20:27 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ATI
2008-02-20 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2008-02-20 17:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 16:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 14:51 558,142 ----a-w C:\WINDOWS\java\Packages\LNP3RNT7.ZIP
2008-02-20 14:51 155,995 ----a-w C:\WINDOWS\java\Packages\OELNZB5B.ZIP
2008-02-19 20:10 --------- d-----w C:\Documents and Settings\máca\Data aplikací\OpenOffice.org2
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-17 06:58 --------- d-----w C:\Documents and Settings\kiki\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-16 21:51 --------- d-----w C:\Program Files\AMD
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\ICQLite
2008-02-14 07:56 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\OpenOffice.org2
2008-02-13 14:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-13 14:13 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-10 21:29 --------- d-----w C:\Documents and Settings\máca\Data aplikací\MegauploadToolbar
2008-02-08 23:48 --------- d-----w C:\Program Files\HLSW
2008-02-05 10:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 17:09 --------- d-----w C:\Program Files\HDD Regenerator
2008-02-02 17:44 --------- d-----w C:\Program Files\DivX
2008-02-02 12:43 --------- d-----w C:\Program Files\ZZZZZZZZZZZZZZZ
2008-01-30 08:18 --------- d-----w C:\Program Files\ICQLite
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-15 18:30 22,328 ----a-w C:\Documents and Settings\máca\Data aplikací\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-21 23:09 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-23 09:03 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\mamka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
Stop Pending3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 19:40:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TrnOEH.dll
.
Completion time: 2008-03-23 19:41:15
ComboFix-quarantined-files.txt 2008-03-23 18:40:48
ComboFix2.txt 2008-03-23 16:38:24
.
2008-03-18 05:21:42 --- E O F ---
Setup: AMD Athlon64 X2 4200+ @5000+ , A-Data DIMM 2048MB DDR II 800MHz Extreme Edition, Sapphire ATI Radeon X1950XT 256mb+AC S1, Seasonic S12 430W, Gigabyte M55S-S3, Seagate Barracuda 160GB
Re: Virus!
Well, the problem's gone.. NOD isn't reporting anything anymore.. so it should be OK.
Re: Virus!
So the script was dragged onto ComboFix placed on the desktop and run in safe mode without AV:
ComboFix 08-03-22.3 - máca 2008-03-25 14:55:22.3 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1776 [GMT 1:00]
Running from: C:\Documents and Settings\máca.DOMA\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\máca.DOMA\Plocha\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
VFind -td "C:\WINDOWS\system32\baiso*"
CF6716.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
CF6716.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF6716.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF6716.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF6716.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
2008-03-24 21:51 . 2008-03-24 21:51 <DIR> d--hs---- C:\found.007
2008-03-23 16:00 . 2008-03-23 17:43 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2008-03-23 16:00 . 2003-03-19 14:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 16:00 . 2003-03-19 11:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 09:04 . 2008-03-25 14:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-23 09:04 . 2008-03-25 14:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-23 09:04 . 2008-03-25 14:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-21 23:19 . 2008-03-24 17:07 0 --a------ C:\WINDOWS\XXLGSC
2008-03-21 23:09 . 2008-03-21 23:09 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-21 23:09 . 2008-03-21 23:09 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-21 23:09 . 2008-03-21 23:09 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-21 23:09 . 2008-03-21 23:09 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-21 23:09 . 2008-03-21 23:09 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-21 23:09 . 2008-03-21 23:09 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-21 23:08 . 2008-03-22 12:24 <DIR> d-------- C:\TRANSLAT
2008-03-21 23:08 . 2008-03-21 23:08 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-21 23:08 . 2008-03-24 17:07 4,479 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-21 23:08 . 2008-03-21 23:08 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-21 23:08 . 2008-03-21 23:09 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-21 23:08 . 2008-03-25 14:52 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-21 23:08 . 2008-03-21 23:08 1,581 --a------ C:\WINDOWS\WDICT32.INI
2008-03-16 16:23 . 2008-03-16 16:23 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-16 15:09 . 2008-03-16 15:09 <DIR> d-------- C:\Program Files\Blender Foundation
2008-03-15 14:28 . 2008-03-15 14:28 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 09:50 . 2008-03-15 09:50 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-14 23:35 . 2008-03-14 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-14 23:24 . 2008-03-14 23:24 49,156 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-14 06:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-13 16:52 . 2008-03-13 16:52 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\InstallShield
2008-03-12 22:51 . 2008-03-12 22:51 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-10 17:04 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-09 09:21 . 2008-03-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2008-03-07 18:15 . 2008-03-07 18:15 <DIR> d-------- C:\Program Files\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-07 17:58 . 2008-03-07 17:58 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-04 06:40 . 2008-03-04 06:40 <DIR> d--hs---- C:\found.006
2008-03-03 18:03 . 2008-03-25 14:53 136,639 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-03 16:07 . 2008-03-03 16:07 <DIR> d-------- C:\Program Files\OO Software
2008-03-02 15:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-01 15:50 . 2008-03-01 15:50 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 08:21 . 2008-02-28 08:21 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-26 19:48 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-26 19:47 . 2008-02-26 19:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-26 19:45 . 2008-02-26 19:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-26 19:44 . 2008-02-26 19:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 19:43 . 2008-02-26 19:43 <DIR> dr-h----- C:\MSOCache
2008-02-26 19:43 . 2008-03-12 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:38 . 2008-02-26 19:38 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-26 16:41 . 2008-02-26 16:41 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\Media Player Classic
2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 13:53 --------- d-----w C:\Program Files\ESET
2008-03-25 06:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-23 23:21 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-03-23 23:21 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-03-23 23:21 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-03-21 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 22:35 --------- d-----w C:\Program Files\Nero
2008-03-14 22:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2008-03-14 22:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-14 22:22 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-12 21:51 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-09 08:18 --------- d-----w C:\Program Files\ATI Technologies
2008-03-04 06:08 --------- d-----w C:\Program Files\ICQ6
2008-02-26 18:47 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 12:31 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ICQ
2008-02-23 15:10 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-23 11:40 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 11:40 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 11:40 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 20:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 05:13 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\DivX
2008-02-22 05:12 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\Nero
2008-02-21 19:56 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 05:35 --------- d-----w C:\Program Files\Java
2008-02-20 20:27 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ATI
2008-02-20 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2008-02-20 17:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 16:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 14:51 558,142 ----a-w C:\WINDOWS\java\Packages\LNP3RNT7.ZIP
2008-02-20 14:51 155,995 ----a-w C:\WINDOWS\java\Packages\OELNZB5B.ZIP
2008-02-19 20:10 --------- d-----w C:\Documents and Settings\máca\Data aplikací\OpenOffice.org2
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-17 06:58 --------- d-----w C:\Documents and Settings\kiki\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-16 21:51 --------- d-----w C:\Program Files\AMD
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\ICQLite
2008-02-14 07:56 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\OpenOffice.org2
2008-02-13 14:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-13 14:13 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-10 21:29 --------- d-----w C:\Documents and Settings\máca\Data aplikací\MegauploadToolbar
2008-02-08 23:48 --------- d-----w C:\Program Files\HLSW
2008-02-05 10:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 17:09 --------- d-----w C:\Program Files\HDD Regenerator
2008-02-02 17:44 --------- d-----w C:\Program Files\DivX
2008-02-02 12:43 --------- d-----w C:\Program Files\ZZZZZZZZZZZZZZZ
2008-01-30 08:18 --------- d-----w C:\Program Files\ICQLite
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-11-15 18:30 22,328 ----a-w C:\Documents and Settings\máca\Data aplikací\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NOD32 - on-demand scanner"="C:\Program Files\ESET\nod32.exe" [2008-03-25 14:52 494712]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 14:52 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\mamka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-04 23:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 14:58:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-03-25 14:58:55
ComboFix-quarantined-files.txt 2008-03-25 13:58:29
ComboFix2.txt 2008-03-23 18:41:16
ComboFix3.txt 2008-03-23 16:38:24
ComboFix 08-03-22.3 - máca 2008-03-25 14:55:22.3 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1776 [GMT 1:00]
Running from: C:\Documents and Settings\máca.DOMA\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\m ca.DOMA\Plocha\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
VFind -td "C:\WINDOWS\system32\baiso*"
CF6716.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
CF6716.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF6716.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF6716.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF6716.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
2008-03-24 21:51 . 2008-03-24 21:51 <DIR> d--hs---- C:\found.007
2008-03-23 16:00 . 2008-03-23 17:43 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2008-03-23 16:00 . 2003-03-19 14:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 16:00 . 2003-03-19 11:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 09:04 . 2008-03-25 14:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-23 09:04 . 2008-03-25 14:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-23 09:04 . 2008-03-25 14:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-21 23:19 . 2008-03-24 17:07 0 --a------ C:\WINDOWS\XXLGSC
2008-03-21 23:09 . 2008-03-21 23:09 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-21 23:09 . 2008-03-21 23:09 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-21 23:09 . 2008-03-21 23:09 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-21 23:09 . 2008-03-21 23:09 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-21 23:09 . 2008-03-21 23:09 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-21 23:09 . 2008-03-21 23:09 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-21 23:08 . 2008-03-22 12:24 <DIR> d-------- C:\TRANSLAT
2008-03-21 23:08 . 2008-03-21 23:08 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-21 23:08 . 2008-03-24 17:07 4,479 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-21 23:08 . 2008-03-21 23:08 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-21 23:08 . 2008-03-21 23:09 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-21 23:08 . 2008-03-25 14:52 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-21 23:08 . 2008-03-21 23:08 1,581 --a------ C:\WINDOWS\WDICT32.INI
2008-03-16 16:23 . 2008-03-16 16:23 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-16 15:09 . 2008-03-16 15:09 <DIR> d-------- C:\Program Files\Blender Foundation
2008-03-15 14:28 . 2008-03-15 14:28 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 09:50 . 2008-03-15 09:50 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-14 23:35 . 2008-03-14 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-14 23:24 . 2008-03-14 23:24 49,156 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-14 06:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-13 16:52 . 2008-03-13 16:52 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\InstallShield
2008-03-12 22:51 . 2008-03-12 22:51 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-10 17:04 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-09 09:21 . 2008-03-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2008-03-07 18:15 . 2008-03-07 18:15 <DIR> d-------- C:\Program Files\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-07 17:58 . 2008-03-07 17:58 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-04 06:40 . 2008-03-04 06:40 <DIR> d--hs---- C:\found.006
2008-03-03 18:03 . 2008-03-25 14:53 136,639 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-03 16:07 . 2008-03-03 16:07 <DIR> d-------- C:\Program Files\OO Software
2008-03-02 15:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-01 15:50 . 2008-03-01 15:50 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 08:21 . 2008-02-28 08:21 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-26 19:48 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-26 19:47 . 2008-02-26 19:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-26 19:45 . 2008-02-26 19:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-26 19:44 . 2008-02-26 19:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 19:43 . 2008-02-26 19:43 <DIR> dr-h----- C:\MSOCache
2008-02-26 19:43 . 2008-03-12 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:38 . 2008-02-26 19:38 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-26 16:41 . 2008-02-26 16:41 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\Media Player Classic
2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 13:53 --------- d-----w C:\Program Files\ESET
2008-03-25 06:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-23 23:21 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-03-21 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 22:35 --------- d-----w C:\Program Files\Nero
2008-03-14 22:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2008-03-14 22:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-14 22:22 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-12 21:51 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-09 08:18 --------- d-----w C:\Program Files\ATI Technologies
2008-03-04 06:08 --------- d-----w C:\Program Files\ICQ6
2008-02-26 18:47 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 12:31 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ICQ
2008-02-23 15:10 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-23 11:40 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 20:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 05:13 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\DivX
2008-02-22 05:12 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\Nero
2008-02-21 19:56 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 05:35 --------- d-----w C:\Program Files\Java
2008-02-20 20:27 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ATI
2008-02-20 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2008-02-20 17:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 16:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 14:51 558,142 ----a-w C:\WINDOWS\java\Packages\LNP3RNT7.ZIP
2008-02-20 14:51 155,995 ----a-w C:\WINDOWS\java\Packages\OELNZB5B.ZIP
2008-02-19 20:10 --------- d-----w C:\Documents and Settings\máca\Data aplikací\OpenOffice.org2
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-17 06:58 --------- d-----w C:\Documents and Settings\kiki\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-16 21:51 --------- d-----w C:\Program Files\AMD
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\ICQLite
2008-02-14 07:56 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\OpenOffice.org2
2008-02-13 14:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-13 14:13 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-10 21:29 --------- d-----w C:\Documents and Settings\máca\Data aplikací\MegauploadToolbar
2008-02-08 23:48 --------- d-----w C:\Program Files\HLSW
2008-02-05 10:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 17:09 --------- d-----w C:\Program Files\HDD Regenerator
2008-02-02 17:44 --------- d-----w C:\Program Files\DivX
2008-02-02 12:43 --------- d-----w C:\Program Files\ZZZZZZZZZZZZZZZ
2008-01-30 08:18 --------- d-----w C:\Program Files\ICQLite
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-11-15 18:30 22,328 ----a-w C:\Documents and Settings\máca\Data aplikací\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NOD32 - on-demand scanner"="C:\Program Files\ESET\nod32.exe" [2008-03-25 14:52 494712]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 14:52 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\mamka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-04 23:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 14:58:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-03-25 14:58:55
ComboFix-quarantined-files.txt 2008-03-25 13:58:29
ComboFix2.txt 2008-03-23 18:41:16
ComboFix3.txt 2008-03-23 16:38:24
Setup: AMD Athlon64 X2 4200+ @5000+, A-Data DIMM 2048MB DDR II 800MHz Extreme Edition, Sapphire ATI Radeon X1950XT 256mb+AC S1, Seasonic S12 430W, Gigabyte M55S-S3, Seagate Barracuda 160GB
Re: Virus!
Well, you recommended it to me, and now I'm supposed to delete it again?.. I'm lost...
Ryan wrote:
if you haven't already done so, move ComboFix to the desktop
open Notepad
copy the script from the following window into it:
File:: C:\WINDOWS\system32\rwwnw64d.exe
save the text file you created as CFScript.txt on the desktop
after saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there:
once it has run, another log should pop up at you; paste it here
Re: Virus!
So I deleted it and restarted the PC... it's OK..
Re: Virus!
Thank you for solving it ;)