HijackThis utility + LOGS for review

Viruses and antivirus, PC security - firewall, spyware, etc.
Dex_Holland
Intermediate
Registered: 13 Nov 2004
Location: Brno

Post by Dex_Holland »

A qoobox directory was also created there, and in it backenv, hiv, backup, quarantine... in total it is about 45 MB... is that meant to be deleted?
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

That is the quarantine. You will delete it, but leave it alone for now.

Something seems off to me about that log :? It contains things that I set to be deleted and that Avenger deleted. Could you please make one more ComboFix log and post it here? Either this one is strange, or the bad files are multiplying on you like mushrooms after rain.

Post by Dex_Holland »

ComboFix 07-11-08.1 - Administrator 2007-11-14 15:32:29.4 - NTFSx86 MINIMAL
Running from: C:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.

2007-11-14 15:29 1,539,258 --a------ C:\ComboFix.exe
2007-11-11 22:13 1,496,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 22:13 11,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-11 18:34 <DIR> d-------- C:\Program Files\Attack on Pearl Harbor
2007-11-11 18:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-11 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-11 16:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Crawler
2007-11-11 14:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Simply Super Software
2007-11-11 11:28 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\system32\txp
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\Driver
2007-11-11 01:37 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Sierra Entertainment
2007-11-11 00:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\WebCompiler3
2007-11-11 00:26 <DIR> dr-h----- C:\Documents and Settings\Aleš\Data aplikací\SecuROM
2007-11-10 21:50 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-11-09 01:31 <DIR> d-------- C:\Fraps
2007-11-09 01:27 <DIR> d-------- C:\WINDOWS\Pix_temp
2007-11-09 01:27 <DIR> d-------- C:\Program Files\Transcoder
2007-11-09 01:10 <DIR> d-------- C:\Program Files\VD
2007-11-09 01:08 <DIR> d-------- C:\Program Files\MediaCell Video Converter
2007-11-09 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-11-08 20:07 <DIR> d-------- C:\Program Files\MK4
2007-11-08 12:47 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\U3
2007-11-08 08:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-08 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-11-07 23:29 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Media Player Classic
2007-11-06 22:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-11-06 14:43 <DIR> d-------- C:\Documents and Settings\All Users\documents
2007-11-06 14:12 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 13:58 <DIR> d-------- C:\Program Files\THQ
2007-11-06 13:36 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-11-06 13:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\MegauploadToolbar
2007-11-06 09:21 <DIR> d-------- C:\Program Files\Flagship Studios
2007-11-06 01:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BitSpirit
2007-11-06 01:33 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-05 16:36 <DIR> d-------- C:\Program Files\Webteh
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer Pro
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer
2007-11-01 10:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-31 23:20 <DIR> d-------- C:\WINDOWS\solcache
2007-10-31 23:10 <DIR> d-------- C:\Diablo
2007-10-31 17:26 <DIR> d-------- C:\Program Files\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:04 <DIR> d-------- C:\Program Files\ICQ6
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-31 15:14 <DIR> d-------- C:\Program Files\capcom
2007-10-30 22:31 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-10-26 15:37 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-25 20:23 <DIR> d-------- C:\WINDOWS\system\KEEPER
2007-10-25 20:23 <DIR> d-------- C:\Program Files\Bullfrog
2007-10-25 20:23 284,160 --a------ C:\WINDOWS\unin0407.exe
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:18 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-10-24 22:15 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2007-10-24 22:15 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-10-24 22:15 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-10-24 22:15 89,088 --------- C:\WINDOWS\system32\atl71.dll
2007-10-24 22:15 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-24 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-24 22:13 <DIR> d-------- C:\Program Files\CyberLink
2007-10-24 22:09 <DIR> d-------- C:\Program Files\ASUS
2007-10-24 16:22 147,968 --a------ C:\WINDOWS\R.COM
2007-10-24 16:22 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-10-24 08:52 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-24 08:51 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-24 08:50 <DIR> d-------- C:\Program Files\MSBuild
2007-10-24 08:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-24 08:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-24 08:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-24 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-10-24 07:47 <DIR> d-------- C:\Program Files\GamePark
2007-10-23 22:44 <DIR> d-------- C:\UT2004
2007-10-23 17:07 <DIR> d-------- C:\Program Files\DreamCom
2007-10-23 12:02 <DIR> d-------- C:\Program Files\ATMA V
2007-10-18 19:25 <DIR> d-------- C:\Program Files\DIFX
2007-10-18 19:24 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-18 19:24 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-18 19:24 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-18 19:24 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-18 19:23 <DIR> d-------- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
2007-10-18 15:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-18 13:38 <DIR> d-------- C:\SIERRA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 14:30 3,152 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-14 14:30 23,204 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-14 13:50 --------- d-----w C:\Program Files\Diablo II
2007-11-11 21:26 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-11 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 00:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 22:28 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-16 20:55 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:48 --------- d-----w C:\Program Files\Ray Adams
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-10-16 20:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-02 15:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-13 07:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-11 11:02 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( snapshot_2007-11-11_22.27.26,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-19 21:50:59 8,457,728 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:50:59 8,457,728 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-21 10:53:19 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:35:08 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 17:09]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 13:09]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 17:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:28:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 15:34:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 15:35:03
.
--- E O F ---

Post by BUBINO »

:? I am a bit puzzled, because the viruses that Avenger deleted for you have come back. Did you restore something?

Open Avenger and, as in the previous procedure, work your way to the white window following the instructions above.

Paste this text into it:
Files to delete:
C:\WINDOWS\system32\drivers\fidbox.dat
C:\WINDOWS\system32\drivers\fidbox2.dat
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\logo1_.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
Restart the computer into safe mode:
Open Notepad and copy this into it:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
Image


- save it under the name CFScript so that it has the txt extension and, as in the picture below, drag it onto ComboFix - ComboFix will start automatically - then post the log here + the log from Avenger

Post by Dex_Holland »

I don't use System Restore. I deleted some game and moved some movies, but otherwise nothing drastic, I think.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qgvanpgy

*******************

Script file located at: \??\C:\WINDOWS\system32\nyeeiawm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\ms-java.exe not found!
Unload of driver ms-java.exe failed!

Could not process line:
ms-java.exe
Status: 0xc0000034



File C:\WINDOWS\Driver\i386\ms-java.exe not found!
Deletion of file C:\WINDOWS\Driver\i386\ms-java.exe failed!

Could not process line:
C:\WINDOWS\Driver\i386\ms-java.exe
Status: 0xc0000034



Error: C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP is a folder, not a file!
Deletion of file C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP failed!

Could not process line:
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
Status: 0xc00000ba



File C:\WINDOWS\diabunin.exe not found!
Deletion of file C:\WINDOWS\diabunin.exe failed!

Could not process line:
C:\WINDOWS\diabunin.exe
Status: 0xc0000034



File C:\WINDOWS\bnetunin.exe not found!
Deletion of file C:\WINDOWS\bnetunin.exe failed!

Could not process line:
C:\WINDOWS\bnetunin.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox2.idx deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox2.dat deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox.idx deleted successfully.


File C:\WINDOWS\Driver\i386\winlogon.exe not found!
Deletion of file C:\WINDOWS\Driver\i386\winlogon.exe failed!

Could not process line:
C:\WINDOWS\Driver\i386\winlogon.exe
Status: 0xc0000034



File C:\WINDOWS\Driver\i386\mssvc.exe not found!
Deletion of file C:\WINDOWS\Driver\i386\mssvc.exe failed!

Could not process line:
C:\WINDOWS\Driver\i386\mssvc.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



and the combo

ComboFix 07-11-08.1 - Administrator 2007-11-14 20:13:12.5 - NTFSx86 MINIMAL
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.

2007-11-14 20:05 765,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-14 20:05 2,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-14 16:11 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\The Bat!
2007-11-14 16:10 <DIR> d-------- C:\Program Files\The Bat!
2007-11-14 15:29 1,539,258 --a------ C:\ComboFix.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-11 18:34 <DIR> d-------- C:\Program Files\Attack on Pearl Harbor
2007-11-11 18:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-11 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-11 16:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Crawler
2007-11-11 14:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Simply Super Software
2007-11-11 11:28 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\system32\txp
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\Driver
2007-11-11 01:37 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Sierra Entertainment
2007-11-11 00:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\WebCompiler3
2007-11-11 00:26 <DIR> dr-h----- C:\Documents and Settings\Aleš\Data aplikací\SecuROM
2007-11-10 21:50 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-11-09 01:31 <DIR> d-------- C:\Fraps
2007-11-09 01:27 <DIR> d-------- C:\WINDOWS\Pix_temp
2007-11-09 01:27 <DIR> d-------- C:\Program Files\Transcoder
2007-11-09 01:10 <DIR> d-------- C:\Program Files\VD
2007-11-09 01:08 <DIR> d-------- C:\Program Files\MediaCell Video Converter
2007-11-09 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-11-08 20:07 <DIR> d-------- C:\Program Files\MK4
2007-11-08 12:47 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\U3
2007-11-08 08:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-08 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-11-07 23:29 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Media Player Classic
2007-11-06 22:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-11-06 14:43 <DIR> d-------- C:\Documents and Settings\All Users\documents
2007-11-06 14:12 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 13:58 <DIR> d-------- C:\Program Files\THQ
2007-11-06 13:36 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-11-06 13:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\MegauploadToolbar
2007-11-06 09:21 <DIR> d-------- C:\Program Files\Flagship Studios
2007-11-06 01:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BitSpirit
2007-11-06 01:33 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-05 16:36 <DIR> d-------- C:\Program Files\Webteh
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer Pro
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer
2007-11-01 10:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-31 23:20 <DIR> d-------- C:\WINDOWS\solcache
2007-10-31 23:10 <DIR> d-------- C:\Diablo
2007-10-31 17:26 <DIR> d-------- C:\Program Files\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:04 <DIR> d-------- C:\Program Files\ICQ6
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-30 22:31 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-10-26 15:37 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-25 20:23 <DIR> d-------- C:\WINDOWS\system\KEEPER
2007-10-25 20:23 <DIR> d-------- C:\Program Files\Bullfrog
2007-10-25 20:23 284,160 --a------ C:\WINDOWS\unin0407.exe
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:18 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-10-24 22:15 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2007-10-24 22:15 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-10-24 22:15 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-10-24 22:15 89,088 --------- C:\WINDOWS\system32\atl71.dll
2007-10-24 22:15 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-24 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-24 22:13 <DIR> d-------- C:\Program Files\CyberLink
2007-10-24 22:09 <DIR> d-------- C:\Program Files\ASUS
2007-10-24 16:22 147,968 --a------ C:\WINDOWS\R.COM
2007-10-24 16:22 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-10-24 08:52 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-24 08:51 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-24 08:50 <DIR> d-------- C:\Program Files\MSBuild
2007-10-24 08:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-24 08:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-24 08:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-24 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-10-24 07:47 <DIR> d-------- C:\Program Files\GamePark
2007-10-23 22:44 <DIR> d-------- C:\UT2004
2007-10-23 17:07 <DIR> d-------- C:\Program Files\DreamCom
2007-10-23 12:02 <DIR> d-------- C:\Program Files\ATMA V
2007-10-18 19:25 <DIR> d-------- C:\Program Files\DIFX
2007-10-18 19:24 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-18 19:24 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-18 19:24 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-18 19:24 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-18 19:23 <DIR> d-------- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
2007-10-18 15:14 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 19:10 12,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-14 19:10 1,316 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-14 13:50 --------- d-----w C:\Program Files\Diablo II
2007-11-11 21:26 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-11 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 00:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 22:28 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-16 20:55 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:48 --------- d-----w C:\Program Files\Ray Adams
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-10-16 20:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-02 15:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-13 07:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-11 11:02 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( snapshot_2007-11-11_22.27.26,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-19 21:50:59 8,457,728 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:50:59 8,457,728 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-21 10:53:19 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:35:08 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 17:09]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 13:09]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 17:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:28:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 20:14:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 20:15:25
.
--- E O F ---


so how does it look, doctor 8-)

Post by BUBINO »

You keep posting logs here that are of no use to me.

Please follow these instructions:

Open Avenger and, as in the previous procedure, work your way to the white window following the instructions above.

Paste this text into it:
Files to delete:
C:\WINDOWS\system32\drivers\fidbox.dat
C:\WINDOWS\system32\drivers\fidbox2.dat
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\logo1_.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
Restart the computer into safe mode:
Open Notepad and copy this into it:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
Image


- save it under the name CFScript so that it has the txt extension and, as in the picture below, drag it onto ComboFix - ComboFix will start automatically - then post the log here + the log from Avenger

Post by Dex_Holland »

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\twifewou

*******************

Script file located at: \??\C:\WINDOWS\system32\pcjlnnlj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox2.dat deleted successfully.


Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!

Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba



Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!

Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba



Error: C:\WINDOWS\system32\systems.txt is a folder, not a file!
Deletion of file C:\WINDOWS\system32\systems.txt failed!

Could not process line:
C:\WINDOWS\system32\systems.txt
Status: 0xc00000ba



Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!

Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba



Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!

Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba



Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!

Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba



Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!

Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba



Error: C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP is a folder, not a file!
Deletion of file C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP failed!

Could not process line:
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
Status: 0xc00000ba

File C:\WINDOWS\R.COM deleted successfully.
File C:\WINDOWS\system32\T.COM deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

ComboFix 07-11-08.1 - Administrator 2007-11-14 20:46:26.6 - NTFSx86 MINIMAL
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.

2007-11-14 20:43 126,976 --a------ C:\zip.exe
2007-11-14 20:43 60,416 --a------ C:\WINDOWS\system32\drivers\tlijldtp.sys
2007-11-14 20:43 1,080 --a------ C:\mialfxbs.bat
2007-11-14 16:11 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\The Bat!
2007-11-14 16:10 <DIR> d-------- C:\Program Files\The Bat!
2007-11-14 15:29 1,539,258 --a------ C:\ComboFix.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-11 18:34 <DIR> d-------- C:\Program Files\Attack on Pearl Harbor
2007-11-11 18:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-11 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-11 16:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Crawler
2007-11-11 14:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Simply Super Software
2007-11-11 11:28 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\system32\txp
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\Driver
2007-11-11 01:37 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Sierra Entertainment
2007-11-11 00:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\WebCompiler3
2007-11-11 00:26 <DIR> dr-h----- C:\Documents and Settings\Aleš\Data aplikací\SecuROM
2007-11-10 21:50 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-11-09 01:31 <DIR> d-------- C:\Fraps
2007-11-09 01:27 <DIR> d-------- C:\WINDOWS\Pix_temp
2007-11-09 01:27 <DIR> d-------- C:\Program Files\Transcoder
2007-11-09 01:10 <DIR> d-------- C:\Program Files\VD
2007-11-09 01:08 <DIR> d-------- C:\Program Files\MediaCell Video Converter
2007-11-09 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-11-08 20:07 <DIR> d-------- C:\Program Files\MK4
2007-11-08 12:47 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\U3
2007-11-08 08:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-08 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-11-07 23:29 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Media Player Classic
2007-11-06 22:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-11-06 14:43 <DIR> d-------- C:\Documents and Settings\All Users\documents
2007-11-06 14:12 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 13:58 <DIR> d-------- C:\Program Files\THQ
2007-11-06 13:36 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-11-06 13:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\MegauploadToolbar
2007-11-06 09:21 <DIR> d-------- C:\Program Files\Flagship Studios
2007-11-06 01:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BitSpirit
2007-11-06 01:33 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-05 16:36 <DIR> d-------- C:\Program Files\Webteh
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer Pro
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer
2007-11-01 10:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-31 23:20 <DIR> d-------- C:\WINDOWS\solcache
2007-10-31 23:10 <DIR> d-------- C:\Diablo
2007-10-31 17:26 <DIR> d-------- C:\Program Files\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:04 <DIR> d-------- C:\Program Files\ICQ6
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-30 22:31 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-10-26 15:37 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-25 20:23 <DIR> d-------- C:\WINDOWS\system\KEEPER
2007-10-25 20:23 <DIR> d-------- C:\Program Files\Bullfrog
2007-10-25 20:23 284,160 --a------ C:\WINDOWS\unin0407.exe
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:18 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-10-24 22:15 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2007-10-24 22:15 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-10-24 22:15 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-10-24 22:15 89,088 --------- C:\WINDOWS\system32\atl71.dll
2007-10-24 22:15 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-24 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-24 22:13 <DIR> d-------- C:\Program Files\CyberLink
2007-10-24 22:09 <DIR> d-------- C:\Program Files\ASUS
2007-10-24 08:52 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-24 08:51 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-24 08:50 <DIR> d-------- C:\Program Files\MSBuild
2007-10-24 08:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-24 08:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-24 08:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-24 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-10-24 07:47 <DIR> d-------- C:\Program Files\GamePark
2007-10-23 22:44 <DIR> d-------- C:\UT2004
2007-10-23 17:07 <DIR> d-------- C:\Program Files\DreamCom
2007-10-23 12:02 <DIR> d-------- C:\Program Files\ATMA V
2007-10-18 19:25 <DIR> d-------- C:\Program Files\DIFX
2007-10-18 19:24 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-18 19:24 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-18 19:24 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-18 19:24 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-18 19:23 <DIR> d-------- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
2007-10-18 15:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-18 13:38 <DIR> d-------- C:\SIERRA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 19:44 26,816 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-14 19:44 1,388 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-14 13:50 --------- d-----w C:\Program Files\Diablo II
2007-11-11 21:26 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-11 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 00:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 22:28 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-16 20:55 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:48 --------- d-----w C:\Program Files\Ray Adams
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-10-16 20:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-02 15:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-13 07:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-11 11:02 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( snapshot_2007-11-11_22.27.26,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-19 21:50:59 8,457,728 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:50:59 8,457,728 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-21 10:53:19 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:35:08 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 17:09]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 13:09]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 17:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
"tuxvljrj"="C:\mialfxbs.bat" [2007-11-14 20:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:28:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 20:47:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 20:48:37
.
--- E O F ---
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

That ComboFix is acting up. It is showing total nonsense, so we will not go by it.

Open Avenger once more and copy this into it:
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | tuxvljrj
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | KernelFaultCheck

Files to delete:
C:\mialfxbs.bat
%systemroot%\system32\dumprep 0 -k
Run MWAV http://www.viry.cz/forum/viewtopic.php?t=4097 . Do it according to this guide:
Update it, turn off System Restore, and post the log from the last window here.
Dex_Holland
Slightly advanced
Registered: 13 Nov 2004
Location: Brno

Post by Dex_Holland »

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hxqguvhx

*******************

Script file located at: \??\C:\ybjrtxji.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\mialfxbs.bat not found!
Deletion of file C:\mialfxbs.bat failed!

Could not process line:
C:\mialfxbs.bat
Status: 0xc0000034



File C:\WINDOWS\system32\dumprep 0 -k not found!
Deletion of file C:\WINDOWS\system32\dumprep 0 -k failed!

Could not process line:
C:\WINDOWS\system32\dumprep 0 -k
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tuxvljrj
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tuxvljrj failed!
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KernelFaultCheck
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KernelFaultCheck failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
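
The two Avenger logs above fail with two different NTSTATUS values: 0xc00000ba is STATUS_FILE_IS_A_DIRECTORY and 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND. The following is an added example, not part of the thread and not code from Avenger or ComboFix: it parses such a log and checks a "Files to delete:" list against ComboFix rows before the script is run. The function names are hypothetical; the log excerpts are copied from the posts above and trimmed.

```python
import re

# NTSTATUS codes that appear in the Avenger logs in this thread.
NTSTATUS = {
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}

OK_RE = re.compile(r"^File (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (file|registry value) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")
# ComboFix "Files Created" row: date, time, size or <DIR>, attributes, path.
ROW_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d (<DIR>|[\d,]+) \S+ (.+)$")

# Excerpts from the two Avenger logs above, one entry of each kind.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.

Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!

Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba

File C:\mialfxbs.bat not found!
Deletion of file C:\mialfxbs.bat failed!

Could not process line:
C:\mialfxbs.bat
Status: 0xc0000034

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tuxvljrj
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tuxvljrj failed!
Status: 0xc0000034
"""

# Rows from the ComboFix "Files Created" listing above.
COMBOFIX_ROWS = r"""
2007-11-14 20:43 126,976 --a------ C:\zip.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\logo1_.exe
"""

# Entries taken from the "Files to delete:" scripts posted above.
FILES_TO_DELETE = [
    r"C:\WINDOWS\system32\drivers\fidbox.dat",
    r"C:\WINDOWS\zts2.exe",
    r"%systemroot%\system32\dumprep 0 -k",
]


def parse_avenger(log):
    """Return one record per deletion attempt, with the status decoded."""
    results, pending = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            results.append({"kind": "file", "target": m.group(1),
                            "ok": True, "status": None})
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = {"kind": m.group(1), "target": m.group(2),
                       "ok": False, "status": None}
            results.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            pending["status"] = NTSTATUS.get(code, "0x%08X" % code)
            pending = None
    return results


def listed_directories(listing):
    """Lower-cased paths that ComboFix reports as <DIR>."""
    dirs = set()
    for raw in listing.splitlines():
        m = ROW_RE.match(raw.strip())
        if m and m.group(1) == "<DIR>":
            dirs.add(m.group(2).lower())
    return dirs


def check_script(paths, listing):
    """Flag 'Files to delete:' entries that cannot work as written."""
    dirs = listed_directories(listing)
    problems = []
    for path in paths:
        leaf = path.rsplit("\\", 1)[-1]
        if path.lower() in dirs:
            problems.append((path, "directory, not a file"))
        elif any(tok.startswith(("-", "/")) for tok in leaf.split()[1:]):
            # Heuristic: switches after the leaf name mean a command line.
            problems.append((path, "command line, not a path"))
    return problems


if __name__ == "__main__":
    for rec in parse_avenger(AVENGER_LOG):
        print(rec["ok"], rec["kind"], rec["status"], rec["target"])
    for path, why in check_script(FILES_TO_DELETE, COMBOFIX_ROWS):
        print("check before running:", path, "->", why)
```
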
Dex_Holland
Slightly advanced
Registered: 13 Nov 2004
Location: Brno

Post by Dex_Holland »

Objekt "mediaadvantage Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "mediaadvantage Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "mediaadvantage Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\Trshlex.TRShellEx" odkazuje na neplatný objekt "{52B87208-9CCF-42C9-B88E-069281105805}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\chrome\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\chrome\icons\default\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\chrome\icons\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Electronic Arts\Medal of Honor Airborne\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Electronic Arts\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\Splash\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "D:\Mods\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "D:\zone\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "D:\Mods\ModWarfare\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "D:\main\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "D:\main\video\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "D:\miles\". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "D:\zone\english\". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".001". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".acr". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".b3d". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cam". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cr2". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".crw". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dbl". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dcm". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dcx". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dds". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".djvu". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ecw". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".fpx". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".fsh". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".g3". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".hsv". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".icl". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".iff". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".img". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".iw44". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".j2k". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jng". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jp2". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jpc". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jpm". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".kdc". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lbm". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ldf". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lwf". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mdf". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mds". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mng". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ngg". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".nlm". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".nol". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pbm". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pcd". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pgm". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".php". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ppm". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".psp". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ras". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".raw". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rgb". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sff". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sfv". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sfw". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sgi". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sid". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sun". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".tga". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".wbmp". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".xpm". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Battle.net". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Diablo". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{56ADDF25-AF97-4B24-BB6D-F947D8B65D2D}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{65F1CF63-31E0-450B-96F3-4A88BE7361A6}". Provedené akce: Nic nebylo provedeno.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Just leftovers from removed infections + invalid keys in the registry.

Use this tool according to the manual here: http://www.viry.cz/forum/viewtopic.php?t=7478/

How is your computer behaving?
Dex_Holland
Slightly advanced
Registered: 13 Nov 2004
Location: Brno

Post by Dex_Holland »

It now seems completely fine to me. Basically the only noticeable problem was removed right away by the first piece of advice, that error that kept popping up. Otherwise OK, but I thought there was something bad in there that I don't know about. In any case, you can't tell from the PC's behaviour.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Well, so far I don't see any problem and the logs are clean of junk. Just clean the computer with CCleaner and it should be OK :-)
Dex_Holland
Slightly advanced
Registered: 13 Nov 2004
Location: Brno

Post by Dex_Holland »

OK. Thanks for your help :)
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

You're welcome! Glad to help :wink:
marek25
Beginner
Registered: 08 Aug 2004
Location: hoštka,

Please check my log

Post by marek25 »

I somehow caught a virus and nothing found it, so just a check, thanks.


Logfile of HijackThis v1.99.1
Scan saved at 19:13:01, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
D:\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.spywareterminator.com/Dnl/fi ... etup.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
Intel Core2 Duo E6750 8*437 , Gigabyte GA-P35-DS4 , Corsair DIMM 2048MB DDR II 800MHz XMS2 Twin2X2048-6400, BFG 8800 GT OC 512MB 700/1700/2000, Enermax Liberty DXX 500W, samsung 320G, Thermaltake Dream Tower Soprano VB1000BWS,
CONSOLE: PLAYSTATION 3
NB: hp Pavilion dv6-1320ec
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Please check my log

Post by BUBINO »

Do you really have a log that ends with O4? Didn't you copy it wrong? Please post the whole log here.

Run ComboFix and post its log here as well.
teq
Newcomer
Registered: 07 Jun 2007

AsGHost.exe application error_please check my log

Post by teq »

Hello, I would like to ask some kind soul for a check. Lately, a dialog with information about an AsGHost.exe application error has started appearing after Windows starts. :oops: I don't know where the problem is, so I scanned the computer with MWAV. Which is another thing: it froze after an hour and shut down (I repeated it twice and it always did so at the same moment).

Please, could someone take a look at it? Thank you :D

here is the list of threats (it is not complete):
Objekt "video activex access Trojan" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spyware.imfmonitor Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "whenu.savenow Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "saminside Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "saminside Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "saminside Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:54, on 24-XI-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
c:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Lingea\Lex2002\lexicon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\maca\Local Settings\Temp\MWAVSCAN.COM
C:\DOCUME~1\maca\LOCALS~1\Temp\kavss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Data aplikací\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0981937125
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESRI License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\lmgrd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WPEServ - soft Xpansion - C:\Program Files\Common Files\WPE\wpeserv.exe

--
End of file - 15098 bytes
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: AsGHost.exe application error_please check my log

Post by BUBINO »

Fix these in HIJACKTHIS (tick them in the box and click Fix checked)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - AppInit_DLLs: APSHook.dll

Could you test these on virustotal.com?
C:\Program Files\Common Files\WPE\wpeserv.exe
C:\WINDOWS\system32\acovcnt.exe
Post the results from it here.

C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe Are you using this intentionally? Try scanning it on virustotal.com as well. It shouldn't be junk, but just in case.

If that first log is complete, then it is OK. Clean the computer with CCleaner following the guide here: http://www.viry.cz/forum/viewtopic.php?t=7478
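
The two checks made in the replies above (a log that stops at O4 is incomplete, and entries that point at nothing are candidates for fixing), as an added Python example that is not part of any post and is not HijackThis's own code. The function names, the finding labels and the trimmed sample log are assumptions constructed here; flagging "(file missing)" services goes one step beyond the fix list in the post.

```python
import re

# Constructed sample: a handful of lines taken from the second log in this
# thread, trimmed so the example stays short.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:54, on 24-XI-2007

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

--
End of file - 15098 bytes
"""

# The same paste cut off after the O4 line, like the first log in this thread.
TRUNCATED_LOG = SAMPLE_LOG.split("O20 - ", 1)[0]

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # section code, then the entry
TRAILER_RE = re.compile(r"^End of file - (\d+) bytes$")


def parse_log(text):
    """Split a pasted log into (code, body) entries and note if it is complete."""
    entries, trailer_bytes = [], None
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append((entry.group(1), entry.group(2)))
            continue
        trailer = TRAILER_RE.match(line)
        if trailer:
            trailer_bytes = int(trailer.group(1))
    return {
        "entries": entries,
        # A full log closes with the "End of file" trailer; without it the
        # paste was cut short and later sections (O8..O23) are unseen.
        "complete": trailer_bytes is not None,
        "trailer_bytes": trailer_bytes,
        "last_code": entries[-1][0] if entries else None,
    }


def triage(entries):
    """Return (code, label, body) for entries a helper would look at first."""
    findings = []
    for code, body in entries:
        # Pad so an empty value ("... =") still splits on " = ".
        _key, sep, value = (body + " ").partition(" = ")
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            # Registry entry whose target file is gone: leftover, safe to review.
            findings.append((code, "orphaned", body))
        elif code in ("R0", "R1") and sep and not value.strip():
            findings.append((code, "empty-value", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads
            # user32.dll, so any value deserves a manual check of the file.
            findings.append((code, "appinit-dll", body))
    return findings


if __name__ == "__main__":
    for name, text in (("full", SAMPLE_LOG), ("truncated", TRUNCATED_LOG)):
        log = parse_log(text)
        print(name, "complete:", log["complete"], "last section:", log["last_code"])
        for code, label, body in triage(log["entries"]):
            print("  ", code, label, "|", body)
```

The labels mark entries for review only; whether a flagged file is legitimate still has to be checked by hand, as the post does with virustotal.com.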
teq
Newcomer
Registered: 07 Jun 2007

Post by teq »

Thank you.

so here are the results from virustotal.com:
for wpeserv.exe:
MD5: 0d043ab194816e502444565d050b813f
Date: 09.20.2007 13:27:17 (CET) [>65D]
Results: 1/32
Permalink: resultado.html?44c1a575ebc175b37fdf48da292cbc3c
for acovcnt.exe:
MD5: 6bcaf46e2b7fa9ace92b4d39f3037c5c
Date: 02.24.2007 16:04:15 (CET) [>273D]
Results: 1/30
Permalink: resultado.html?945aa50c571ca3cc41b4779cab8e95f1

I installed Desktop Icon Toy intentionally, but then I stopped liking it; I wanted to uninstall it, but I couldn't find it in the Add/Remove Programs list. Then I forgot about it.

as for the first log (if the one from HijackThis is meant, that one was complete, unlike the second one)