Vždy, když nainstaluju antivir...

Radkoff · Příspěvek od **Radkoff** » sob 12. led 2008, 11:49

... není možný se přímo dostat na disky. Kliknutím. Musím na ně kliknout pravým myšítkem a otevřít. Proč?
A ještě by mě zajímalo, jak se nadobro zbavit souboru ctfmon (rozpoznávání řeči), stáhnul sem nějakej program, kterej ho měl deaktivovat a teď sem si všiml, že ho zase mám ve složce po spuštění. Když ho zakážu spouštět v msconfig, stejně najede

BUBINO · Příspěvek od **BUBINO** » sob 12. led 2008, 18:43

Ak je v zlozke "po spusteni" ctfmon, ide o trojana .Dajte sem log z HijackThisu :
http://www.trendsecure.com/portal/en-US ... hijackthis

Stiahnite ho na plochu, nainstalujte, spustite.V ponuke kliknite NA "DO A SYSTEM SCAN AND SAVE A LOGFILE". Zacne skenovanie po ktorom nabehne log v poznamkovom bloku.Cely ho skopirujte sem.

Radkoff · Příspěvek od **Radkoff** » ned 13. led 2008, 20:09

Tady je ten Hijack a dal sem tam i log z combofixu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:45, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\Opera.exe
C:\DOCUME~1\Radek\LOCALS~1\Temp\Dočasný adresář 1 pro HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\Program Files\IEPro\IEProRs.dll/easyhome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6097 bytes

ComboFix 07-12-21.4 - Radek 2004-01-13 20:07:17.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1523 [GMT 1:00]
Running from: G:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-28 13:54 . 2007-12-28 13:54 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ringjacker
2007-12-26 00:59 . 2007-12-26 00:59 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-24 01:04 . 2007-12-24 01:04 <DIR> dr-hs---- C:\Recycled
2007-12-21 21:36 . 2008-01-13 12:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\OpenOffice.org2
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 19:44 . 2007-12-20 20:03 0 --a------ C:\WINDOWS\system32\svc_host.dat
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\AVSMedia
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ahead
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-12-19 01:14 . 2007-12-19 01:14 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 01:10 . 2007-12-19 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 01:10 . 2007-12-19 01:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-18 14:42 . 2008-01-12 20:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 01:07 . 2007-12-18 01:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-17 19:15 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-17 18:21 . 2007-12-17 18:21 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-17 18:12 . 2007-12-17 18:12 <DIR> d-------- C:\Program Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 19:02 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Skype
2008-01-12 13:51 --------- d-----w C:\Program Files\VibrateGameDeviceDriver
2008-01-11 23:08 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-01-09 22:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\MostFun
2008-01-09 22:08 --------- d-----w C:\Program Files\MostFun
2008-01-06 21:26 --------- d-----w C:\Program Files\Java
2008-01-06 21:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-04 16:10 --------- d-----w C:\Program Files\Opera
2008-01-04 16:05 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\IEPro
2008-01-04 16:03 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\Logitech
2008-01-03 19:18 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IE7Pro
2008-01-03 17:20 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Zoner
2008-01-03 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 16:45 --------- d-----w C:\Program Files\Futuremark
2007-12-28 23:03 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IE7Pro
2007-12-17 16:54 --------- d-----w C:\Program Files\Rainlendar2
2007-12-17 16:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-17 16:49 --------- d-----w C:\Program Files\Zoner
2007-12-17 16:46 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-17 16:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 16:44 23,552 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-17 16:44 --------- d-----w C:\Program Files\Yahoo!
2007-12-17 16:44 --------- d-----w C:\Program Files\CCleaner
2007-12-17 16:44 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-12-17 16:42 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-17 16:37 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-17 16:33 --------- d-----w C:\Program Files\Skype
2007-12-17 16:33 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-17 16:32 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-17 16:32 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-17 16:27 --------- d-----w C:\Program Files\Phenix-Q8
2007-12-17 16:27 --------- d-----w C:\Program Files\Common Files\PCCamera
2007-12-17 16:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-17 16:19 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-17 16:18 --------- d-----w C:\Program Files\Nero
2007-12-17 16:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-12-17 16:15 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-17 16:10 --------- d-----w C:\Program Files\Marvell
2007-12-17 16:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 16:05 --------- d-----w C:\Program Files\Analog Devices
2007-12-17 15:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 08:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-17 17:44]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-17 17:13:48]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Radek^Nabídka Start^Programy^Po spuštění^ctfmon.exe]
path=C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\ctfmon.exe
backup=C:\WINDOWS\pss\ctfmon.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 13:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 10:21 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SENS"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"Browser"=2 (0x2)
"wscsvc"=2 (0x2)

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 08:20]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 08:19]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 08:21]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2005-09-26 15:47]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-12-21 08:22]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 20:07:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 20:08:12
.
2008-01-11 23:36:05 --- E O F ---

Radkoff · Příspěvek od **Radkoff** » ned 13. led 2008, 20:13

je zajímavý, že když sem udělal ten log z hijack, nod našel trojskýho koně a disky mi dou otevřít normálně a z "po spuštění" zmizel ctfmon. proč ho nenašel dřív? byl to ten pravej? nebo se jenom maskuje, zmetek?

BUBINO · Příspěvek od **BUBINO** » ned 13. led 2008, 22:19

Do poznamkoveho bloku skopirujte toto dole !

File::
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\svc_host.dat
C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\ctfmon.exe
C:\WINDOWS\pss\ctfmon.exe
C:\Recycled\ctfmon.exe
E:\Recycled\ctfmon.exe
F:\Recycled\ctfmon.exe
G:\Recycled\ctfmon.exe

DirLook::
C:\Documents and Settings\Radek\Data aplikací\Ringjacker
C:\Program Files\VibrateGameDeviceDriver
C:\Recycled
E:\Recycled
F:\Recycled
G:\Recycled

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Radek^Nabídka Start^Programy^Po spuštění^ctfmon.exe]

Ulozte na plochu ako CFScript.txt Chytte mysou, presunte nad combofix a pustite ako na obrazku dole. Program nacita zo scriptu a po skene vam vyhodi log.Ten skopirujte sem.
Obrázek

Dodatocne urobte sken z MWAVU :
http://www.viry.cz/forum/viewtopic.php?t=4097
Podla navodu spustite MWAV, nastavte ho.Nezabudnite updatovat. Po skenovani sem vlozte log z dolneho okna.

Otestovat na virustotal.com:
C:\WINDOWS\system32\d3d8caps.dat

Radkoff · Příspěvek od **Radkoff** » pon 14. led 2008, 11:25

ComboFix 07-12-21.4 - Radek 2005-01-14 11:21:27.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1610 [GMT 1:00]
Running from: C:\Documents and Settings\Radek\Plocha\Kopie - ComboFix.exe
Command switches used :: C:\Documents and Settings\Radek\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\ctfmon.exe
C:\Recycled\ctfmon.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\pss\ctfmon.exe
C:\WINDOWS\system32\svc_host.dat
E:\Recycled\ctfmon.exe
F:\Recycled\ctfmon.exe
G:\Recycled\ctfmon.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\svc_host.dat

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-28 13:54 . 2007-12-28 13:54 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ringjacker
2007-12-26 00:59 . 2007-12-26 00:59 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-24 01:04 . 2007-12-24 01:04 <DIR> dr-hs---- C:\Recycled
2007-12-21 21:36 . 2008-01-13 12:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\OpenOffice.org2
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\AVSMedia
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ahead
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-12-19 01:14 . 2007-12-19 01:14 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 01:10 . 2007-12-19 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 01:10 . 2007-12-19 01:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-18 14:42 . 2008-01-12 20:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 01:07 . 2007-12-18 01:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-17 19:15 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-17 18:21 . 2007-12-17 18:21 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-17 18:12 . 2007-12-17 18:12 <DIR> d-------- C:\Program Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 10:18 --------- d-----w C:\Program Files\PDFCreator
2008-01-13 21:02 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Skype
2008-01-12 13:51 --------- d-----w C:\Program Files\VibrateGameDeviceDriver
2008-01-11 23:08 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-01-09 22:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\MostFun
2008-01-09 22:08 --------- d-----w C:\Program Files\MostFun
2008-01-06 21:26 --------- d-----w C:\Program Files\Java
2008-01-06 21:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-04 16:10 --------- d-----w C:\Program Files\Opera
2008-01-04 16:05 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\IEPro
2008-01-04 16:03 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\Logitech
2008-01-03 19:18 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IE7Pro
2008-01-03 17:20 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Zoner
2008-01-03 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 16:45 --------- d-----w C:\Program Files\Futuremark
2007-12-28 23:03 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IE7Pro
2007-12-17 16:54 --------- d-----w C:\Program Files\Rainlendar2
2007-12-17 16:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-17 16:49 --------- d-----w C:\Program Files\Zoner
2007-12-17 16:46 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-17 16:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 16:44 23,552 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-17 16:44 --------- d-----w C:\Program Files\Yahoo!
2007-12-17 16:44 --------- d-----w C:\Program Files\CCleaner
2007-12-17 16:44 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-12-17 16:42 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-17 16:37 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-17 16:33 --------- d-----w C:\Program Files\Skype
2007-12-17 16:33 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-17 16:32 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-17 16:27 --------- d-----w C:\Program Files\Phenix-Q8
2007-12-17 16:27 --------- d-----w C:\Program Files\Common Files\PCCamera
2007-12-17 16:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-17 16:19 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-17 16:18 --------- d-----w C:\Program Files\Nero
2007-12-17 16:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-12-17 16:15 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-17 16:10 --------- d-----w C:\Program Files\Marvell
2007-12-17 16:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 16:05 --------- d-----w C:\Program Files\Analog Devices
2007-12-17 15:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Radek\Data aplikací\Ringjacker ----

2008-01-13 12:01 45 --a------ C:\Documents and Settings\Radek\Data aplikací\Ringjacker\contactlist.xml

---- Directory of C:\Program Files\VibrateGameDeviceDriver ----

2005-09-13 20:17 77824 --a------ C:\Program Files\VibrateGameDeviceDriver\RegClean.exe
2003-01-16 11:32 49152 --a------ C:\Program Files\VibrateGameDeviceDriver\rfpicon.exe
2002-04-20 13:13 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\VID_06D6&PID_002A_per.bmp
2002-04-20 13:06 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\VID_06D6&PID_002A_front.bmp
2001-06-25 23:51 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\RF626u_per.bmp
2001-06-25 23:50 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\RF626u_front.bmp
2001-06-17 18:20 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\520u_front.bmp
2001-06-17 18:20 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\520u_per.bmp
2001-04-13 16:20 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\3379_front.bmp
2001-04-13 16:19 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\5359_front.bmp
2001-04-13 16:18 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\6889_front.bmp
2001-04-13 13:06 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\6889_per.bmp
2001-04-13 13:04 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\5359_per.bmp
2001-04-13 13:03 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\3379_per.bmp
2001-03-13 21:40 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\6009_per.bmp
2001-03-13 21:39 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\525_front.bmp
2001-03-13 21:39 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\368_front.bmp
2001-03-13 21:39 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\368_per.bmp
2001-03-13 21:39 17926 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\266_per.bmp
2001-03-13 21:38 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\6009_front.bmp
2001-03-13 21:38 16918 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\525_per.bmp
2000-11-10 11:54 62062 --a------ C:\Program Files\VibrateGameDeviceDriver\GFX\266_front.bmp
2000-11-08 11:52 1062 --a------ C:\Program Files\VibrateGameDeviceDriver\English.txt

---- Directory of C:\Recycled ----

2007-12-24 01:04 65 -r-hs---- C:\Recycled\desktop.ini
2007-12-24 01:04 22 ---hs---- C:\Recycled\INFO2

---- Directory of E:\Recycled ----

2007-12-25 01:37 65 -r-hs---- E:\Recycled\desktop.ini
2007-12-25 01:37 22 ---hs---- E:\Recycled\INFO2

---- Directory of F:\Recycled ----

2007-12-25 01:37 65 -r-hs---- F:\Recycled\desktop.ini
2007-12-25 01:37 22 ---hs---- F:\Recycled\INFO2

---- Directory of G:\Recycled ----

2007-12-25 01:37 65 -r-hs---- G:\Recycled\desktop.ini
2007-12-25 01:37 22 ---hs---- G:\Recycled\INFO2

((((((((((((((((((((((((((((( snapshot@2007-12-21_20.07.56,95 )))))))))))))))))))))))))))))))))))))))))
.
+ 1998-07-06 00:00:00 23,552 ----a-w C:\WINDOWS\system32\MSMPIDE.DLL
- 2006-03-02 12:00:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 00:00:00 1,386,496 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
+ 2001-10-28 16:42:30 116,224 ----a-w C:\WINDOWS\system32\pdfcmnnt.dll
+ 2005-06-25 13:16:48 138,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2005-06-25 13:16:50 480,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 08:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-17 17:44]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-17 17:13:48]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 13:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 10:21 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SENS"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"Browser"=2 (0x2)
"wscsvc"=2 (0x2)

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 08:20]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 08:19]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 08:21]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2005-09-26 15:47]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-12-21 08:22]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 11:22:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 11:22:26
C:\ComboFix2.txt ... 2007-12-21 20:08
.
2008-01-11 23:36:05 --- E O F ---

Radkoff · Příspěvek od **Radkoff** » pon 14. led 2008, 12:07

ten soubor na virustotal je OK

Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.

BUBINO · Příspěvek od **BUBINO** » pon 14. led 2008, 13:42

Ten zmrd tam este je : http://vil.nai.com/vil/content/v_140684.htm

Do poznamkoveho bloku napiste toto :

Folders::
C:\Recycled
E:\Recycled
F:\Recycled
G:\Recycled

Ulozte na plochu ako CFScript.txt a mysou pretiahnite a nasledne pustite nad combom ako prvy krat.
Potom sem vlozte log.

Toto poznate?
C:\Documents and Settings\Radek\Data aplikací\Ringjacker
C:\Program Files\VibrateGameDeviceDriver
Skuste uploadovat obsach suborov na virustotal.com. U toho druheho, staci 2-3 subory.

Potom, ako to urobite dajte sem log z Hijackthisu a preferujte, ci problemy zmizli.

Radkoff · Příspěvek od **Radkoff** » pon 14. led 2008, 20:35

no, vlastně na ten ringjacker sem se chtěl taky nějak zeptat. okno mi vyskočí vždy při spuštění Skype (Ringjacker was blocked by Skype. Please check your Skype settings. Application will now exit). No, nikde sem to v nastavení skype nenašel, tak nevim. A kromě nainstalování skype sem s ním nic nedělal.
projedu ho virustotalem a uvidim.

ta druhá věc sou ovladače pro volant.

Radkoff · Příspěvek od **Radkoff** » pon 14. led 2008, 20:40

ComboFix 07-12-21.4 - Radek 2003-12-21 20:37:26.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1591 [GMT 1:00]
Running from: C:\Documents and Settings\Radek\Plocha\Kopie - ComboFix.exe
Command switches used :: C:\Documents and Settings\Radek\Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-28 13:54 . 2007-12-28 13:54 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ringjacker
2007-12-26 00:59 . 2007-12-26 00:59 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-24 01:04 . 2007-12-24 01:04 <DIR> dr-hs---- C:\Recycled
2007-12-21 21:36 . 2008-01-13 12:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\OpenOffice.org2
2007-12-21 11:34 . 2007-12-21 11:38 0 --a------ C:\23990098.$$$
2007-12-21 11:33 . 2007-12-21 11:33 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-12-21 11:33 . 2007-12-21 11:33 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-12-21 11:33 . 2007-12-21 11:33 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-12-21 11:33 . 2007-12-21 11:33 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-12-21 11:33 . 2007-12-21 11:33 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-12-21 11:33 . 2007-12-21 11:33 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-12-21 11:32 . 2007-12-21 11:33 50 --a------ C:\WINDOWS\Lic.xxx
2007-12-21 11:30 . 2006-03-02 13:00 147,968 --a------ C:\WINDOWS\R.COM
2007-12-21 11:30 . 2006-03-02 13:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\AVSMedia
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ahead
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-12-19 01:14 . 2007-12-19 01:14 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 01:10 . 2007-12-19 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 01:10 . 2007-12-19 01:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-18 14:42 . 2008-01-12 20:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 01:07 . 2007-12-18 01:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-17 19:15 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-17 18:21 . 2007-12-17 18:21 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-17 18:12 . 2007-12-17 18:12 <DIR> d-------- C:\Program Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 10:18 --------- d-----w C:\Program Files\PDFCreator
2008-01-12 13:51 --------- d-----w C:\Program Files\VibrateGameDeviceDriver
2008-01-11 23:08 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-01-09 22:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\MostFun
2008-01-09 22:08 --------- d-----w C:\Program Files\MostFun
2008-01-06 21:26 --------- d-----w C:\Program Files\Java
2008-01-06 21:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-04 16:10 --------- d-----w C:\Program Files\Opera
2008-01-04 16:05 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\IEPro
2008-01-04 16:03 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\Logitech
2008-01-03 19:18 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IE7Pro
2008-01-03 17:20 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Zoner
2008-01-03 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 16:45 --------- d-----w C:\Program Files\Futuremark
2007-12-28 23:03 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IE7Pro
2007-12-21 19:28 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Skype
2007-12-17 16:54 --------- d-----w C:\Program Files\Rainlendar2
2007-12-17 16:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-17 16:49 --------- d-----w C:\Program Files\Zoner
2007-12-17 16:46 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-17 16:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 16:44 23,552 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-17 16:44 --------- d-----w C:\Program Files\Yahoo!
2007-12-17 16:44 --------- d-----w C:\Program Files\CCleaner
2007-12-17 16:44 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-12-17 16:42 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-17 16:37 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-17 16:33 --------- d-----w C:\Program Files\Skype
2007-12-17 16:33 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-17 16:32 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-17 16:27 --------- d-----w C:\Program Files\Phenix-Q8
2007-12-17 16:27 --------- d-----w C:\Program Files\Common Files\PCCamera
2007-12-17 16:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-17 16:19 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-17 16:18 --------- d-----w C:\Program Files\Nero
2007-12-17 16:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-12-17 16:15 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-17 16:10 --------- d-----w C:\Program Files\Marvell
2007-12-17 16:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 16:05 --------- d-----w C:\Program Files\Analog Devices
2007-12-17 15:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-21_20.07.56,95 )))))))))))))))))))))))))))))))))))))))))
.
+ 1998-07-06 00:00:00 23,552 ----a-w C:\WINDOWS\system32\MSMPIDE.DLL
- 2006-03-02 12:00:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 00:00:00 1,386,496 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
+ 2001-10-28 16:42:30 116,224 ----a-w C:\WINDOWS\system32\pdfcmnnt.dll
+ 2005-06-25 13:16:48 138,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2005-06-25 13:16:50 480,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 08:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-17 17:44]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-17 17:13:48]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 13:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 10:21 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SENS"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"Browser"=2 (0x2)
"wscsvc"=2 (0x2)

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 08:20]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 08:19]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 08:21]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2005-09-26 15:47]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-12-21 08:22]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 20:38:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 20:38:22
C:\ComboFix2.txt ... 2007-12-21 11:22
C:\ComboFix3.txt ... 2007-12-21 20:08
.
2008-01-11 23:36:05 --- E O F ---

BUBINO · Příspěvek od **BUBINO** » pon 14. led 2008, 20:59

Do poznamkoveho:

File::
C:\23990098.$$$
C:\WINDOWS\Lic.xxx
C:\WINDOWS\system32\T.COM
C:\WINDOWS\R.COM
C:\Recycled
E:\Recycled
F:\Recycled
G:\Recycled

Folder::
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\Documents and Settings\Radek\Data aplikací\Ringjacker

Script hodte este raz.Teraz pojde.
Ulozit ako CFScript.txt a pretiahnut na combo.
Po som sem dajte log.

Obsah Ringjacker je contactlist.xml. Skuste to zozalohovat na plochu a potom dajte script.Ten ho zmaze.Preferujte ci problemy zmizli, ak by skype nechcelo ist, tak ho obnovte zo zalohy, ale malo by to byt ok.

Radkoff · Příspěvek od **Radkoff** » pon 14. led 2008, 23:28

ComboFix 07-12-21.4 - Radek 2003-12-21 23:12:30.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1649 [GMT 1:00]
Running from: C:\Documents and Settings\Radek\Plocha\Kopie - ComboFix.exe
Command switches used :: C:\Documents and Settings\Radek\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\23990098.$$$
C:\Recycled
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
E:\Recycled
F:\Recycled
G:\Recycled
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\23990098.$$$
C:\Documents and Settings\Radek\Data aplikací\Ringjacker
C:\Documents and Settings\Radek\Data aplikací\Ringjacker\contactlist.xml
C:\WINDOWS\Lic.xxx
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\rundl132.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\zts2.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-26 00:59 . 2007-12-26 00:59 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-24 01:04 . 2007-12-24 01:04 <DIR> dr-hs---- C:\Recycled
2007-12-21 21:36 . 2008-01-13 12:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\OpenOffice.org2
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\AVSMedia
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ahead
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-12-19 01:14 . 2007-12-19 01:14 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 01:10 . 2007-12-19 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 01:10 . 2007-12-19 01:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-18 14:42 . 2008-01-12 20:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 01:07 . 2007-12-18 01:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-17 19:15 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-17 18:21 . 2007-12-17 18:21 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-17 18:12 . 2007-12-17 18:12 <DIR> d-------- C:\Program Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 10:18 --------- d-----w C:\Program Files\PDFCreator
2008-01-12 13:51 --------- d-----w C:\Program Files\VibrateGameDeviceDriver
2008-01-11 23:08 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-01-09 22:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\MostFun
2008-01-09 22:08 --------- d-----w C:\Program Files\MostFun
2008-01-06 21:26 --------- d-----w C:\Program Files\Java
2008-01-06 21:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-04 16:10 --------- d-----w C:\Program Files\Opera
2008-01-04 16:05 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\IEPro
2008-01-04 16:03 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\Logitech
2008-01-03 19:18 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IE7Pro
2008-01-03 17:20 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Zoner
2008-01-03 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 16:45 --------- d-----w C:\Program Files\Futuremark
2007-12-28 23:03 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IE7Pro
2007-12-21 20:26 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Skype
2007-12-17 16:54 --------- d-----w C:\Program Files\Rainlendar2
2007-12-17 16:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-17 16:49 --------- d-----w C:\Program Files\Zoner
2007-12-17 16:46 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-17 16:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 16:44 23,552 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-17 16:44 --------- d-----w C:\Program Files\Yahoo!
2007-12-17 16:44 --------- d-----w C:\Program Files\CCleaner
2007-12-17 16:44 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-12-17 16:42 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-17 16:37 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-17 16:33 --------- d-----w C:\Program Files\Skype
2007-12-17 16:33 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-17 16:32 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-17 16:27 --------- d-----w C:\Program Files\Phenix-Q8
2007-12-17 16:27 --------- d-----w C:\Program Files\Common Files\PCCamera
2007-12-17 16:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-17 16:19 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-17 16:18 --------- d-----w C:\Program Files\Nero
2007-12-17 16:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-12-17 16:15 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-17 16:10 --------- d-----w C:\Program Files\Marvell
2007-12-17 16:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 16:05 --------- d-----w C:\Program Files\Analog Devices
2007-12-17 15:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-21_20.07.56,95 )))))))))))))))))))))))))))))))))))))))))
.
+ 1998-07-06 00:00:00 23,552 ----a-w C:\WINDOWS\system32\MSMPIDE.DLL
- 2006-03-02 12:00:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 00:00:00 1,386,496 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
+ 2001-10-28 16:42:30 116,224 ----a-w C:\WINDOWS\system32\pdfcmnnt.dll
+ 2005-06-25 13:16:48 138,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2005-06-25 13:16:50 480,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 08:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-17 17:44]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-17 17:13:48]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 13:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 10:21 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTBatteryMeter]
2003-01-16 11:32 49152 --a------ C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SENS"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"Browser"=2 (0x2)
"wscsvc"=2 (0x2)

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 08:20]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 08:19]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 08:21]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2005-09-26 15:47]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-12-21 08:22]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 23:13:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 23:13:29
C:\ComboFix2.txt ... 2007-12-21 20:38
C:\ComboFix3.txt ... 2007-12-21 11:22
.
2008-01-11 23:36:05 --- E O F ---

ta hláška o ringjackerovi se zobrazuje pořád. ale to je jedno. pokud to není nějakej trojan, tak mě to nemrzí. třeba časem přijdu, na co to je.
počítač se chová v pohodě. výše zmíněné problémy už se nevyskytují, nicméně hlavní problém, kvůli kterýmu sem instaloval antivirus v domnění, že jde o virus nezmizel.
počítač po přihlášení do win má pomalou odezvu, zhruba 20s, hadr žere, ale já nevím co. spustím-li např. WMP, trvá dobrých 5-10 sekund, než vůbec naběhne. dělá mi to tak týden. v programech po spuštění je jen to, co tam má být. poslední možnost byl ten virus.

BUBINO · Příspěvek od **BUBINO** » úte 15. led 2008, 14:43

Ach, prepacte. Pisem tu blbe scripty:-( Recycled je zlozka, ja ju davam ako subor.Mal som vir, co vytvaral takyto subor, este raz sa ospravedlnujem!
Tentokrat uz pisem dobry script.

Do poznamkoveho bloku skopirujte toto:

File::
C:\Recycled\desktop.ini
C:\Recycled\INFO2
E:\Recycled\desktop.ini
E:\Recycled\INFO2
F:\Recycled\desktop.ini
F:\Recycled\INFO2
G:\Recycled\desktop.ini
G:\Recycled\INFO2

Folder::
C:\Recycled
E:\Recycled
F:\Recycled
G:\Recycled

Ulozte ako CFSCript.txt , preneste nad combo.Potom tu dajte log. Urobte log aj z HJT.

Radkoff · Příspěvek od **Radkoff** » sob 19. led 2008, 00:30

ComboFix 07-12-21.4 - Radek 2004-01-19 0:28:04.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1506 [GMT 1:00]
Running from: C:\Documents and Settings\Radek\Plocha\Ko0pie - ComboFix.exe
Command switches used :: C:\Documents and Settings\Radek\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\Recycled\desktop.ini
C:\Recycled\INFO2
E:\Recycled\desktop.ini
E:\Recycled\INFO2
F:\Recycled\desktop.ini
F:\Recycled\INFO2
G:\Recycled\desktop.ini
G:\Recycled\INFO2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Recycled
C:\Recycled\desktop.ini
C:\Recycled\INFO2
E:\Recycled
E:\Recycled\desktop.ini
E:\Recycled\INFO2
F:\Recycled
F:\Recycled\desktop.ini
F:\Recycled\INFO2
G:\Recycled
G:\Recycled\desktop.ini
G:\Recycled\INFO2

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-26 00:59 . 2007-12-26 00:59 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-21 23:29 . 2007-12-21 23:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-21 23:29 . 2007-12-21 00:28 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\skypePM
2007-12-21 23:29 . 2007-12-21 23:29 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-12-21 21:36 . 2008-01-15 19:31 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\OpenOffice.org2
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-12-20 13:01 . 2007-12-20 13:02 <DIR> d-------- C:\Program Files\AVSMedia
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Ahead
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LightScribe
2007-12-19 01:14 . 2007-12-19 01:14 <DIR> d-------- C:\Documents and Settings\Radek\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 01:10 . 2007-12-19 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-12-19 01:10 . 2008-01-05 23:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 01:10 . 2007-12-19 01:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-18 14:42 . 2008-01-12 20:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 01:07 . 2007-12-18 01:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-17 19:16 . 2004-08-17 15:49 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-17 19:15 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-17 19:15 . 2004-08-17 15:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-17 19:15 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-17 19:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-17 18:21 . 2007-12-17 18:21 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-17 18:12 . 2007-12-17 18:12 <DIR> d-------- C:\Program Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 16:39 --------- d-----w C:\Program Files\Zoner
2008-01-15 16:37 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Zoner
2008-01-14 10:18 --------- d-----w C:\Program Files\PDFCreator
2008-01-11 23:08 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-01-09 22:08 --------- d-----w C:\Program Files\MostFun
2008-01-06 21:26 --------- d-----w C:\Program Files\Java
2008-01-06 21:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-04 16:10 --------- d-----w C:\Program Files\Opera
2008-01-04 16:05 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\IEPro
2008-01-04 16:03 --------- d-----w C:\Documents and Settings\Milada\Data aplikací\Logitech
2008-01-03 19:18 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IEPro
2008-01-03 19:17 --------- d-----w C:\Program Files\IE7Pro
2008-01-03 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 16:45 --------- d-----w C:\Program Files\Futuremark
2007-12-28 23:03 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\IE7Pro
2007-12-20 23:28 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Skype
2007-12-17 16:54 --------- d-----w C:\Program Files\Rainlendar2
2007-12-17 16:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-17 16:46 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-17 16:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 16:44 23,552 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-17 16:44 --------- d-----w C:\Program Files\CCleaner
2007-12-17 16:42 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-17 16:37 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-17 16:33 --------- d-----w C:\Program Files\Skype
2007-12-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-17 16:32 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-17 16:27 --------- d-----w C:\Program Files\Phenix-Q8
2007-12-17 16:27 --------- d-----w C:\Program Files\Common Files\PCCamera
2007-12-17 16:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-17 16:19 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-17 16:18 --------- d-----w C:\Program Files\Nero
2007-12-17 16:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-12-17 16:15 --------- d-----w C:\Documents and Settings\Radek\Data aplikací\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Logitech
2007-12-17 16:13 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-17 16:10 --------- d-----w C:\Program Files\Marvell
2007-12-17 16:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 16:05 --------- d-----w C:\Program Files\Analog Devices
2007-12-17 15:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 08:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-17 17:44]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-17 17:13:48]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 13:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 10:21 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTBatteryMeter]
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SENS"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"Browser"=2 (0x2)
"wscsvc"=2 (0x2)

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 08:20]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 08:19]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 08:21]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-12-21 08:22]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 00:28:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 0:29:03
.
2008-01-11 23:36:05 --- E O F ---

Radkoff · Příspěvek od **Radkoff** » sob 19. led 2008, 00:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:31:28, on 21.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\Program Files\IEPro\IEProRs.dll/easyhome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 5528 bytes

Radkoff · Příspěvek od **Radkoff** » sob 19. led 2008, 00:37

semtam se mi hryzne prohlížeč (opera). na nic nereaguje, jen jde zavřít okno.

vždy, když kliknu na start, pokaždé se objeví ta bublina (byly nainstalovány nové programy) a sou podbarvený programy, který sem instaloval už dávno.
teď, co sem hodil ten poslední script, už se neobjevuje. budu to sledovat. tak je to tam zas...

pokaždý, když jede scan combofixu, nod mi vyhazuje hlášku, vždycky tam chvíli zůstane, pak zmizne a objeví se znovu. vlastně tam poblikává po celou dobu scanu:

BUBINO · Příspěvek od **BUBINO** » sob 19. led 2008, 00:52

Toto v programe fixnite:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Je dobre, ak pri skene sa vypnu rezidentne stity vratane antivirov. Neaku cast pravdepodobne oznaci za vira, i ked nou nie je, alebo oznaci za smejdy tie subory, ktore sme dali zmazat. Tak to iba rusi a nemusi to prejst korektne, preto antiviri treba vypnut.

Nevidim Firewall. Doinstalovat.

Pocitac docistite neikolko krat s ccleanerom :
http://www.viry.cz/forum/viewtopic.php?t=7478

Preferujte ci problemy zmizli.

Vždy, když nainstaluju antivir...

Vždy, když nainstaluju antivir...

Re: Vždy, když nainstaluju antivir...