Please help with AVG
- Radkoff
- Beginner
- Registered: 04 Jan 2005
- Location: Moravské Budějovice
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\diwyrdef
*******************
Script file located at: \??\C:\Documents and Settings\vxvwbvfc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!
Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
Error: C:\WINDOWS\system32\systems.txt is a folder, not a file!
Deletion of file C:\WINDOWS\system32\systems.txt failed!
Could not process line:
C:\WINDOWS\system32\systems.txt
Status: 0xc00000ba
Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!
Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba
Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!
Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba
Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!
Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba
Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!
Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba
File C:\WINDOWS\R.COM deleted successfully.
File C:\WINDOWS\system32\T.COM deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
- Radkoff
- Beginner
- Registered: 04 Jan 2005
- Location: Moravské Budějovice
ComboFix 07-11-08.1 - Radek 2006-11-08 22:26:53.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1440 [GMT 1:00]
Running from: C:\Documents and Settings\Radek\Plocha\ComboFix.exe
Command switches used :: C:\qoobox\CFScript.txt.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.
2007-11-20 20:10 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-20 20:10 <DIR> d-------- C:\Program Files\CCleaner
2007-11-20 19:06 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-20 17:33 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-20 17:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-20 01:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-20 00:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-19 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-11-19 00:42 <DIR> d-------- C:\WINDOWS\PIF
2007-11-19 00:36 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\AVG7
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\AVG7
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\avg7
2007-11-19 00:32 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-11-18 01:04 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-08 18:40 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-01 17:16 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Skype
2007-11-01 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-11-01 17:10 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ahead
2007-11-01 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Ahead
2007-11-01 17:08 <DIR> d-------- C:\Program Files\Nero
2007-11-01 17:08 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-01 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2007-10-28 17:14 <DIR> d-------- C:\Program Files\Zoner
2007-10-26 18:43 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-26 18:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-25 18:40 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Skype
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-25 18:29 <DIR> d-------- C:\Program Files\Opera
2007-10-25 17:56 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Mikrotik
2007-10-25 17:45 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Mikrotik
2007-10-25 17:24 <DIR> d-------- C:\Program Files\Marvell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 20:03 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Rainlendar
2007-11-18 23:58 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-08 21:05 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\OpenOffice.org2
2007-11-01 16:12 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-01 16:04 --------- d-----w C:\Program Files\Ahead
2007-10-28 16:16 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Zoner
2007-10-06 11:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-08_21.31.38,78 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-20 20:30:41 46,732 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2007-11-08 20:38:36 46,732 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2006-11-20 20:30:41 40,666 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-08 20:38:36 40,666 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2006-11-20 20:30:41 311,392 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2007-11-08 20:38:36 311,392 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2006-11-20 20:30:41 312,278 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-08 20:38:36 312,278 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 15:57]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 15:49]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-22 07:46]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-22 07:46]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-05 11:56]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-19 01:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-08 18:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-12-01 23:32:46]
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 13:31:46]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-08 18:40:37]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-03-23 17:58:53]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 22:27:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 22:27:32
C:\ComboFix2.txt ... 2007-11-08 21:31
C:\ComboFix3.txt ... 2007-11-08 19:56
.
--- E O F ---
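Every deletion in the Avenger log earlier in this thread failed with Status 0xc00000ba, which is the NTSTATUS code STATUS_FILE_IS_A_DIRECTORY, and the ComboFix listing above shows why: the same seven paths (zts2.exe, vcmgcd32.dll, systems.txt, iifgfgf.dll, rundll16.exe, rundl132.dll, logo1_.exe) appear as <DIR> entries created 2007-11-20 18:56, so a directory now sits where each file used to be, and a file-delete call cannot remove a directory. The Python below is an added example, not code from the thread or from either tool: it parses both logs, names the NTSTATUS code, and cross-references the failed paths against ComboFix's <DIR> entries. The two log excerpts are trimmed copies of the posted logs, and the NTSTATUS table covers only a handful of codes.

```python
import re
from collections import OrderedDict

# A few NTSTATUS values that file-deletion tools report; 0xC00000BA is the
# code in the posted Avenger log. Table is intentionally small.
NTSTATUS = {
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

# Constructed excerpts of the two logs posted in this thread (trimmed).
AVENGER_LOG = r"""
Beginning to process script file:
Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!
Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
File C:\WINDOWS\R.COM deleted successfully.
File C:\WINDOWS\system32\T.COM deleted successfully.
Completed script processing.
"""

COMBOFIX_LOG = r"""
2007-11-20 19:06 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-20 01:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
"""

DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")
# ComboFix "Files Created" line: timestamp, size or <DIR>, 9-char attributes, path
COMBOFIX_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>\S{9})\s+(?P<path>.+)$"
)


def parse_avenger(text):
    """Return (failed, deleted): failed maps path -> NTSTATUS int, in log order."""
    failed, deleted, pending = OrderedDict(), [], None
    for line in text.splitlines():
        line = line.strip()
        m = FAILED_RE.match(line)
        if m:
            pending = m.group(1)  # the Status: line follows a few lines later
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            failed[pending] = int(m.group(1), 16)
            pending = None
            continue
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m.group(1))
    return failed, deleted


def combofix_dir_placeholders(text, exts=(".exe", ".dll", ".com", ".sys", ".txt")):
    """<DIR> entries whose name ends in a file extension: a directory standing
    where a file is expected, which is exactly what makes a file delete fail."""
    found = []
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if m and m["size"] == "<DIR>" and m["path"].lower().endswith(exts):
            found.append(m["path"])
    return found


def explain_failures(avenger_text, combofix_text):
    """For each failed deletion: (path, status hex, NTSTATUS name, listed as <DIR>?)."""
    failed, _ = parse_avenger(avenger_text)
    dirs = {p.lower() for p in combofix_dir_placeholders(combofix_text)}
    return [
        (path, "0x%08X" % code, NTSTATUS.get(code, "unknown"), path.lower() in dirs)
        for path, code in failed.items()
    ]


if __name__ == "__main__":
    for path, code, name, is_dir in explain_failures(AVENGER_LOG, COMBOFIX_LOG):
        print(f"{path}: {code} {name}; ComboFix lists it as <DIR>: {is_dir}")
```

The script only reads logs, so it runs on any machine; on the affected system itself the equivalent check for a single path is `os.path.isdir(path)`, and a directory of that name has to be removed with a directory-removal call (or left in place if it was put there deliberately to block the file from being recreated).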
- Radkoff
- Beginner
- Registered: 04 Jan 2005
- Location: Moravské Budějovice
I'm fed up with this. I'll probably uninstall the antivirus and have some peace. The system keeps throwing a message that it found a trojan. It sends me to a page with an IE scanner. When I install and run it, it finds some trojan. But it won't remove it until I buy the full version. It has been throwing this message ever since I downloaded the Crysis demo. Please help once more. (I probably don't even need to mention that AVG found nothing.)
And the clock has also disappeared from the taskbar.
HijackThis log. ComboFix won't run.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:32, on 25.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Video On-line - {7E4C5F57-FF13-4006-A5F6-BE97D9CD6261} - C:\WINDOWS\system32\PowerVideo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Thoosje Sidebar .lnk = C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer = 192.168.0.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
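The HijackThis log above is long and mostly vendor software, and reading it by eye is where things get missed. As an added example (not code from the thread or from HijackThis itself), the Python below parses the O2, O4, O17 and O23 lines, resolves the image each entry actually loads (quoted paths, rundll32 hosts, the trailing `(User '...')` annotation), and lists entries whose image sits directly in %SystemRoot% or system32 rather than under a vendor folder, plus any DNS server outside the RFC 1918 ranges. The location heuristic, the `verified` allow-list and the second O17 line with the documentation address 203.0.113.5 are my constructions; the excerpt otherwise copies lines from the posted log. The output is a list of what to check first (publisher signature, file hash), not a verdict: in the posted log the only BHO loading from system32 is "Video On-line" (PowerVideo.dll), which is the entry such a script puts at the top of the list to verify.

```python
import ipaddress
import re

# Images living directly here, with no vendor folder, get a second look.
# This is a prioritisation heuristic, not a verdict.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
IMAGE_RE = re.compile(r'^"?(?P<img>.+?\.(?:exe|dll|com|scr|cpl|bat|cmd))"?(?:[\s,]|$)', re.IGNORECASE)
USER_TAG_RE = re.compile(r"\s*\(User '[^']*'\)$")

# Constructed excerpt of the posted HijackThis log. The O17 line with
# 203.0.113.5 (a documentation-range address) is NOT from the log.
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Video On-line - {7E4C5F57-FF13-4006-A5F6-BE97D9CD6261} - C:\WINDOWS\system32\PowerVideo.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
"""


def image_from_command(cmd):
    """Image an O4 command loads: strips the (User '...') tag, unwraps rundll32,
    and copes with quoted and unquoted paths that contain spaces."""
    cmd = USER_TAG_RE.sub("", cmd.strip())
    if cmd.lower().startswith("rundll32.exe "):
        cmd = cmd[len("rundll32.exe "):].lstrip()
    m = IMAGE_RE.match(cmd)
    return m["img"] if m else cmd


def location_class(image):
    """Where the image lives; PROGRA~1 is expanded so 8.3 paths classify correctly."""
    p = image.lower().replace("c:\\progra~1", "c:\\program files")
    if "\\" not in p:
        return "bare name"  # resolved through the search path at run time
    parent = p.rsplit("\\", 1)[0]
    if parent in SYSTEM_DIRS:
        return "system directory"
    if parent.startswith("c:\\program files"):
        return "program files"
    return "other"


def is_lan_address(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # unparsable value: surface it rather than hide it
    return any(addr in net for net in RFC1918)


def triage(log, verified=()):
    """(section, name, image, note) for entries to check first. `verified` holds
    lower-case image basenames already confirmed (signature/hash) and suppresses them."""
    verified = {v.lower() for v in verified}
    findings = []

    def consider(section, name, image, what):
        loc = location_class(image)
        if loc != "program files" and image.lower().rsplit("\\", 1)[-1] not in verified:
            findings.append((section, name, image, f"{what} loads from {loc}"))

    for raw in log.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            consider("O2", m["name"], m["path"], "BHO")
        elif m := O4_RE.match(line):
            consider("O4", m["name"], image_from_command(m["cmd"]), "autorun")
        elif m := O23_RE.match(line):
            consider("O23", m["name"], m["path"], f"service by {m['vendor']}")
        elif m := O17_RE.match(line):
            for srv in re.split(r"[,\s]+", m["servers"].strip()):
                if not is_lan_address(srv):
                    findings.append(("O17", "NameServer", srv, "DNS server outside RFC 1918"))
    return findings


if __name__ == "__main__":
    for section, name, image, note in triage(HJT_LOG):
        print(f"{section} {name}: {image} ({note})")
```

Run it once with no allow-list, verify the obvious vendor files (the NVIDIA and ctfmon entries here) by signature or hash, then pass them in `verified` so the remaining list is short enough to act on. The O4 "Startup:" lines use a different layout and are deliberately not parsed; extend `O4_RE` if you need them.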
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Thoosje Sidebar .lnk = C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer = 192.168.0.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Mám
Do you recognize this program?:
C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
Use SDFix:
http://www.viry.cz/forum/viewtopic.php?t=40395
Then post its log here, and download the 30-day trial of NOD or Kaspersky.
- Radkoff
- Beginner
- Registered: 4 Jan 2005
- Location: Moravské Budějovice
Sidebar - a side panel, basically like the sidebar in Vista. But it's already uninstalled. I downloaded NOD 2 hours ago and it found nothing. At least I think so, it's rather confusing. But if it's in the scanner logs, then it found nothing and therefore cleaned nothing.
I snapped a picture of that message.

SDFix: Version 1.115
Run by Administrator on ne 25.11.2007 at 22:54
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 22:58:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:7ad5a1d1
"s2"=dword:198fb4be
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:af,d7,a0,4f,21,0b,3f,62,ea,d0,c6,33,7f,1b,50,a8,f7,9c,54,1c,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4f,f8,4e,f7,34,13,3c,60,a3,d1,cb,e2,b1,0f,a2,5b,91,..
"khjeh"=hex:55,ba,20,ea,55,f5,46,2a,19,fc,a7,68,7d,6d,4b,59,ca,48,8a,86,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,03,00,08,3f,18,00,40,21,26,00,e0,ff,ff,ff,76,6b,03,00,1e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:af,d7,a0,4f,21,0b,3f,62,ea,d0,c6,33,7f,1b,50,a8,f7,9c,54,1c,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4f,f8,4e,f7,34,13,3c,60,a3,d1,cb,e2,b1,0f,a2,5b,91,..
"khjeh"=hex:55,ba,20,ea,55,f5,46,2a,19,fc,a7,68,7d,6d,4b,59,ca,48,8a,86,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,03,00,30,d4,24,00,00,00,64,00,68,62,69,6e,00,d0,24,00,00,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Essentials\`\1t]
"Order"=hex:08,00,00,00,02,00,00,00,b0,00,00,00,01,00,00,00,01,00,00,00,a4,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 16 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 29 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 16 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e75856c6efd762fe9068b5aa0da3bd6\BIT1.tmp"
Fri 7 Sep 2007 165,232 A..H. --- "C:\Documents and Settings\Radek\Data aplikací\Microsoft\Virtual PC\VPCKeyboard.dll"
Wed 16 May 2007 4,348 ...H. --- "C:\Documents and Settings\Radek\Dokumenty\Hudba\Zálohování licence\drmv1key.bak"
Wed 16 May 2007 20 A..H. --- "C:\Documents and Settings\Radek\Dokumenty\Hudba\Zálohování licence\drmv1lic.bak"
Wed 16 May 2007 312 ...H. --- "C:\Documents and Settings\Radek\Dokumenty\Hudba\Zálohování licence\drmv2key.bak"
Wed 16 May 2007 1,536 A..H. --- "C:\Documents and Settings\Radek\Dokumenty\Hudba\Zálohování licence\drmv2lic.bak"
Finished!
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Mám
Run SmitFraudFix in safe mode according to the guide:
http://www.viry.cz/forum/viewtopic.php?t=16475
Then try running ComboFix.
- Radkoff
- Beginner
- Registered: 4 Jan 2005
- Location: Moravské Budějovice
SmitFraudFix v2.254
Scan done at 23:26:33,21, ne 25.11.2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\PowerVideo.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\systems.txt Please, Reboot and Run SmitfraudFix option 2 once again.
»»»»»»»»»»»»»»»»»»»»»»»» End
- Radkoff
- Beginner
- Registered: 4 Jan 2005
- Location: Moravské Budějovice
It said I should run it once more. Here is the log. Below the smileys is the ComboFix log.
SmitFraudFix v2.254
Scan done at 23:36:41,03, po 19.11.2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
Problem while deleting C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix 07-11-19.3 - Administrator 2006-11-25 23:33:59.10 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1822 [GMT 1:00]
Running from: C:\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-25 23:31 1,545,623 --a------ C:\Kopie - ComboFix.exe
2007-11-25 23:30 1,545,623 --a------ C:\ComboFix.exe
2007-11-25 23:26 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-25 23:26 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 23:20 1,044,268 --a------ C:\SmitfraudFix.exe
2007-11-25 23:18 <DIR> d-------- C:\SmitfraudFix
2007-11-25 22:57 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\AVG7
2007-11-25 21:50 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-25 21:50 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-24 21:17 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-24 21:17 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-24 21:17 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-24 21:17 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-24 21:17 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-24 21:17 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-24 21:17 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-24 01:44 <DIR> d-------- C:\Program Files\Java
2007-11-24 01:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-21 20:56 <DIR> d-------- C:\Program Files\Lavalys
2007-11-21 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-11-20 20:10 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-20 20:10 <DIR> d-------- C:\Program Files\CCleaner
2007-11-20 19:06 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-20 17:33 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-20 17:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-20 00:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-19 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-11-19 00:42 <DIR> d-------- C:\WINDOWS\PIF
2007-11-19 00:36 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\AVG7
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\avg7
2007-11-19 00:32 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-11-18 01:04 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-08 18:40 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-01 17:16 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Skype
2007-11-01 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-11-01 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Ahead
2007-11-01 17:08 <DIR> d-------- C:\Program Files\Nero
2007-11-01 17:08 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-01 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2007-10-28 17:14 <DIR> d-------- C:\Program Files\Zoner
2007-10-26 18:43 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-26 18:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-26 18:41 129,066 --a------ C:\WINDOWS\system32\TZLog.log
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-25 18:29 <DIR> d-------- C:\Program Files\Opera
2007-10-25 17:56 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Mikrotik
2007-10-25 17:24 <DIR> d-------- C:\Program Files\Marvell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 20:48 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-21 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 22:35 --------- d-----w C:\Program Files\ASUS
2007-11-18 23:58 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-01 16:12 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-01 16:04 --------- d-----w C:\Program Files\Ahead
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
SmitFraudFix v2.254
Scan done at 23:36:41,03, po 19.11.2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1B960333-DC32-41F5-A911-6CC067A5017C}: NameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
Problem while deleting C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix 07-11-19.3 - Administrator 2006-11-25 23:33:59.10 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1822 [GMT 1:00]
Running from: C:\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-25 23:31 1,545,623 --a------ C:\Kopie - ComboFix.exe
2007-11-25 23:30 1,545,623 --a------ C:\ComboFix.exe
2007-11-25 23:26 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-25 23:26 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 23:20 1,044,268 --a------ C:\SmitfraudFix.exe
2007-11-25 23:18 <DIR> d-------- C:\SmitfraudFix
2007-11-25 22:57 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\AVG7
2007-11-25 21:50 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-25 21:50 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-24 21:17 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-24 21:17 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-24 21:17 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-24 21:17 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-24 21:17 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-24 21:17 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-24 21:17 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-24 01:44 <DIR> d-------- C:\Program Files\Java
2007-11-24 01:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-21 20:56 <DIR> d-------- C:\Program Files\Lavalys
2007-11-21 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-11-20 20:10 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-20 20:10 <DIR> d-------- C:\Program Files\CCleaner
2007-11-20 19:06 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-20 17:33 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-20 17:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-20 00:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-19 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-11-19 00:42 <DIR> d-------- C:\WINDOWS\PIF
2007-11-19 00:36 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\AVG7
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\avg7
2007-11-19 00:32 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-11-18 01:04 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-08 18:40 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-01 17:16 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Skype
2007-11-01 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-11-01 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Ahead
2007-11-01 17:08 <DIR> d-------- C:\Program Files\Nero
2007-11-01 17:08 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-01 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2007-10-28 17:14 <DIR> d-------- C:\Program Files\Zoner
2007-10-26 18:43 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-26 18:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-26 18:41 129,066 --a------ C:\WINDOWS\system32\TZLog.log
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-25 18:29 <DIR> d-------- C:\Program Files\Opera
2007-10-25 17:56 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Mikrotik
2007-10-25 17:24 <DIR> d-------- C:\Program Files\Marvell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 20:48 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-21 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 22:35 --------- d-----w C:\Program Files\ASUS
2007-11-18 23:58 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-01 16:12 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-01 16:04 --------- d-----w C:\Program Files\Ahead
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E4C5F57-FF13-4006-A5F6-BE97D9CD6261}]
C:\WINDOWS\system32\PowerVideo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-21 17:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" [2007-06-01 10:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 15:57]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 15:49]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-22 07:46]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-22 07:46]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-05 11:56]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-21 17:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-25 21:48]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-21 17:35]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-08 18:40:37]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-03-23 17:58:53]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 16:50 40960 --a------ C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 23:34:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 23:35:19
.
--- E O F ---
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Residence: Mám
Download Avenger to your desktop: http://www.viry.cz/forum/viewtopic.php?t=19832
Following the guide, work your way to that window and type the following into it:
Files to delete:
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
After you have done this, open Notepad via Start - Programs - Accessories and copy this entire text into it:
File::
C:\WINDOWS\system32\PowerVideo.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E4C5F57-FF13-4006-A5F6-BE97D9CD6261}]
Choose Save As, name the file CFScript.txt and set Save as type to All Files. Save the file to the desktop.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop it.

ComboFix will start automatically; post the log that appears at the end of the cleaning process here.
Test these on virustotal.com:
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\system32\drivers\CO_Mon.sys
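As an added example (not part of this thread and not code from the Avenger or ComboFix tools), the Python below parses the Avenger log format posted in this thread, maps the reported NTSTATUS code to its name, and cross-checks each failed path against ComboFix's "Files Created" listing. This is the check a helper would want before writing another "Files to delete" script: the entries that Avenger refused to delete are the ones ComboFix marks as <DIR>, so a file-deletion entry can never remove them. The sample text is an excerpt copied from the logs in this thread; the success-line pattern, the helper names and the explanation wording are my assumptions.

```python
"""Summarise an Avenger deletion log and cross-check it against ComboFix output.

Added example; not part of the forum thread or of the Avenger/ComboFix tools.
Sample text below is an excerpt copied from the logs posted in the thread.
"""
import re
from typing import Dict, List, Optional

# NTSTATUS value Avenger reports when the target path is a directory.
NTSTATUS_NAMES = {0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY"}

FAILED_RE = re.compile(r"^Deletion of file (?P<path>.+?) failed!$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]+)$")
# Success line for files Avenger did remove (assumed format, not shown in this excerpt).
DELETED_RE = re.compile(r"^File (?P<path>.+?) deleted successfully\.$")
# ComboFix "Files Created" entry for a directory: date time <DIR> attrs path
COMBOFIX_DIR_RE = re.compile(r"^\S+ \S+ <DIR> \S+ (?P<path>.+)$")

# Excerpt of the Avenger log from the thread (constructed sample input).
AVENGER_LOG = r"""
Logfile of The Avenger version 1, by Swandog46
Beginning to process script file:
Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!
Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!
Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba
Completed script processing.
"""

# Excerpt of ComboFix's "Files Created" section from the thread (constructed sample input).
COMBOFIX_LOG = r"""
2007-11-25 23:30 1,545,623 --a------ C:\ComboFix.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\logo1_.exe
"""


def parse_avenger_log(text: str) -> Dict[str, List]:
    """Return the paths Avenger deleted and the failed deletions with their NTSTATUS."""
    deleted: List[str] = []
    failed: List[Dict[str, object]] = []
    pending: Optional[Dict[str, object]] = None  # failure awaiting its Status: line
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            deleted.append(m.group("path"))
        elif m := FAILED_RE.match(line):
            pending = {"path": m.group("path"), "status": None, "reason": "unknown"}
            failed.append(pending)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            code = int(m.group("code"), 16)
            pending["status"] = code
            pending["reason"] = NTSTATUS_NAMES.get(code, f"unknown NTSTATUS {code:#010x}")
            pending = None
    return {"deleted": deleted, "failed": failed}


def combofix_directories(text: str) -> List[str]:
    """Paths that ComboFix's 'Files Created' section marks as <DIR>."""
    return [m.group("path") for line in text.splitlines()
            if (m := COMBOFIX_DIR_RE.match(line.strip()))]


def explain_failures(avenger_text: str, combofix_text: str) -> List[str]:
    """One explanation per failed deletion, using ComboFix to confirm directory entries."""
    dirs = {p.lower() for p in combofix_directories(combofix_text)}
    notes = []
    for f in parse_avenger_log(avenger_text)["failed"]:
        if str(f["path"]).lower() in dirs:
            notes.append(f"{f['path']}: ComboFix lists it as a directory, so a "
                         f"'Files to delete' entry cannot remove it ({f['reason']})")
        else:
            notes.append(f"{f['path']}: failed with {f['reason']}")
    return notes


if __name__ == "__main__":
    for note in explain_failures(AVENGER_LOG, COMBOFIX_LOG):
        print(note)
```

Run against the full logs in the thread, the same three functions report all six failed entries as directories, which is why the repeated Avenger run in the follow-up post fails identically and why the fix has to target folders rather than files.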
- Radkoff
- Beginner
- Registered: 4 Jan 2005
- Residence: Moravské Budějovice
Both files came back clean.
Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pcdajufb
*******************
Script file located at: \??\C:\mfttfopi.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!
Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!
Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba
Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!
Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba
Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!
Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba
Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!
Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba
Completed script processing.
*******************
Finished! Terminate.
ComboFix log:
ComboFix 07-11-19.3 - Radek 2006-11-26 14:27:55.11 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1550 [GMT 1:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Radek\Plocha\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\PowerVideo.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-25 23:31 1,545,623 --a------ C:\Kopie - ComboFix.exe
2007-11-25 23:30 1,545,623 --a------ C:\ComboFix.exe
2007-11-25 23:26 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-25 23:26 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 23:20 1,044,268 --a------ C:\SmitfraudFix.exe
2007-11-25 23:18 <DIR> d-------- C:\SmitfraudFix
2007-11-25 22:57 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\AVG7
2007-11-25 21:50 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-25 21:50 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-24 21:17 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-24 21:17 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-24 21:17 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-24 21:17 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-24 21:17 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-24 21:17 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-24 21:17 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-24 01:44 <DIR> d-------- C:\Program Files\Java
2007-11-24 01:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-21 20:56 <DIR> d-------- C:\Program Files\Lavalys
2007-11-21 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-11-20 20:10 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-20 20:10 <DIR> d-------- C:\Program Files\CCleaner
2007-11-20 19:06 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-20 18:56 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-20 17:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-20 17:33 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-20 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-20 17:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-20 00:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-19 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-11-19 00:42 <DIR> d-------- C:\WINDOWS\PIF
2007-11-19 00:36 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\AVG7
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\AVG7
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2007-11-19 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\avg7
2007-11-19 00:32 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-11-18 01:04 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-08 18:40 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-01 17:16 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Skype
2007-11-01 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-11-01 17:10 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ahead
2007-11-01 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Ahead
2007-11-01 17:08 <DIR> d-------- C:\Program Files\Nero
2007-11-01 17:08 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-01 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2007-10-28 17:14 <DIR> d-------- C:\Program Files\Zoner
2007-10-26 18:43 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-26 18:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-26 18:41 129,066 --a------ C:\WINDOWS\system32\TZLog.log
2007-10-25 18:40 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Skype
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-25 18:29 <DIR> d-------- C:\Program Files\Opera
2007-10-25 17:56 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Mikrotik
2007-10-25 17:45 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Mikrotik
2007-10-25 17:24 <DIR> d-------- C:\Program Files\Marvell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 20:48 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-21 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 22:35 --------- d-----w C:\Program Files\ASUS
2007-11-19 22:38 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\OpenOffice.org2
2007-11-19 20:03 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Rainlendar
2007-11-18 23:58 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-01 16:12 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-01 16:04 --------- d-----w C:\Program Files\Ahead
2007-10-28 16:16 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Zoner
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-19_23.34.57,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-25 22:00:59 46,912 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2007-11-26 13:15:32 46,912 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2007-11-25 22:00:59 40,802 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-26 13:15:32 40,802 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-25 22:00:59 311,666 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2007-11-26 13:15:32 311,666 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2007-11-25 22:00:59 312,414 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-26 13:15:32 312,414 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-22 07:46]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-22 07:46]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-05 11:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-25 21:48]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-21 17:35]
C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 13:31:46]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-08 18:40:37]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-03-23 17:58:53]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Radek^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
2006-07-10 15:49 1093632 --a------ C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
2006-06-30 15:57 582144 -ra------ C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-11-08 18:40 67128 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 16:50 40960 --a------ C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NBService"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 14:28:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 14:28:39
C:\ComboFix2.txt ... 2007-11-19 23:35
.
--- E O F ---
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-25 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-25 18:29 <DIR> d-------- C:\Program Files\Opera
2007-10-25 17:56 <DIR> d-------- C:\Documents and Settings\Milada\Data aplikací\Mikrotik
2007-10-25 17:45 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Mikrotik
2007-10-25 17:24 <DIR> d-------- C:\Program Files\Marvell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 20:48 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-21 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 22:35 --------- d-----w C:\Program Files\ASUS
2007-11-19 22:38 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\OpenOffice.org2
2007-11-19 20:03 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Rainlendar
2007-11-18 23:58 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-01 16:12 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-01 16:04 --------- d-----w C:\Program Files\Ahead
2007-10-28 16:16 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Zoner
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-19_23.34.57,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-25 22:00:59 46,912 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2007-11-26 13:15:32 46,912 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2007-11-25 22:00:59 40,802 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-26 13:15:32 40,802 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-25 22:00:59 311,666 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2007-11-26 13:15:32 311,666 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2007-11-25 22:00:59 312,414 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-26 13:15:32 312,414 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-22 07:46]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-22 07:46]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-05 11:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-25 21:48]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-21 17:35]
C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 13:31:46]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-08 18:40:37]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-03-23 17:58:53]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Radek^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
2006-07-10 15:49 1093632 --a------ C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
2006-06-30 15:57 582144 -ra------ C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-11-08 18:40 67128 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 16:50 40960 --a------ C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NBService"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 14:28:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 14:28:39
C:\ComboFix2.txt ... 2007-11-19 23:35
.
--- E O F ---
- BUBINO
- Beginner
- Registered: 12. čer 2007
- Residence: Mám
Also test these at virustotal.com:
C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\system32\TZLog.log
I see 2 antiviruses running! Uninstall AVG immediately!
Manually delete
c:\combofix
C:\SmitfraudFix
C:\qoobox
c:\avenger
The log looks ok. It should be ok now. How is your computer doing?