Ahojte,pocitac me posledni dobou nejak proste jak to rict,no proste si dela co chce nekdy,firefox me nekdy zere takovy vykon ze to není mozne,obcas kompu totalne hrabe tak prosim o kontrolu logu ktere bych mel zafixovat,sam tomu vubec nerozumim,tak prosim tomu kdo tomu rozumi jestli by me nepomohl,dekuju mockrat.
Logfile of HijackThis v1.99.1
Scan saved at 0:59:56, on 20.1.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\milda\Plocha\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_1.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A34C44B3-26AB-4A09-BBE6-3A8F76E0E794}: NameServer = 62.240.178.250,62.240.161.226
O18 - Protocol: bw+0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0FDDEF4F-A6E8-4C41-BDBA-1E3DA635AA75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Zdravim vsechny,prosim o pomoc
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
- paul27
- Začátečník
-
- Registrován: 07. zář 2007
- Bydliště: Praha
- Kontaktovat uživatele:
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
- paul27
- Začátečník
-
- Registrován: 07. zář 2007
- Bydliště: Praha
- Kontaktovat uživatele:
- BUBINO
- Začátečník
-
- Registrován: 12. čer 2007
- Bydliště: Mám
Ospravedlnujem za za vstup:
Solda1, urob log pomocou kombofixu :
Dalej, ako paul27 povedal, použi MWAV. :
http://www.viry.cz/forum/viewtopic.php?t=4097
Podla navodu presne nastav, nezabudni updatovat a pocitac preskenuj. Log, ktory sa ukaze na konci skene v dolnom okne, skopiruj sem. Ale len v dolnom.
Z logov ti radca urci, ci mas smejdy, alebo nie.
Solda1, urob log pomocou kombofixu :
stahnete a ulozte na plochu ComboFix
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, stisknete klavesu 1 pro pokracovani
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), postupujte dle pokynu na obrazovce, behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate Spyware Terminator, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze se pri skenu Combofix pokousi infikovane soubory smazat a Spyware Terminator tomu muze branit
po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem
Dalej, ako paul27 povedal, použi MWAV. : http://www.viry.cz/forum/viewtopic.php?t=4097
Podla navodu presne nastav, nezabudni updatovat a pocitac preskenuj. Log, ktory sa ukaze na konci skene v dolnom okne, skopiruj sem. Ale len v dolnom.
Z logov ti radca urci, ci mas smejdy, alebo nie.
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
- BUBINO
- Začátečník
-
- Registrován: 12. čer 2007
- Bydliště: Mám
Asi som isiel na vas zhurta. Tu mate odkaz : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stiahnite si program a urobte log podla navodu combofixom hore.Log dajte sem, budeme pokracovat.
Stiahnite si program a urobte log podla navodu combofixom hore.Log dajte sem, budeme pokracovat.
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
diky ses hodnej....dufam ze toto je to spravny...
ComboFix 08-01-23.1C - milda 2008-01-25 17:03:25.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.539 [GMT 1:00]
Running from: C:\Documents and Settings\milda\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\hqghumea.dll
C:\WINDOWS\system32\jrxeoqsw.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-25 17:11 . 2008-01-25 17:11 520 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-25 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 16:36 . 2008-01-25 16:36 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-25 16:33 . 2008-01-25 16:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-25 16:33 . 2008-01-25 16:34 <DIR> d-------- C:\Program Files\Crawler
2008-01-25 16:22 . 2008-01-25 16:22 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-25 16:11 . 2008-01-25 16:12 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 21:41 . 2008-01-24 21:42 <DIR> d-------- C:\Program Files\Hero Editor
2008-01-24 21:41 . 2008-01-24 21:41 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-24 21:41 . 2008-01-24 21:41 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-22 21:15 . 2008-01-22 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-22 15:16 . 2008-01-23 09:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-22 14:28 . 2008-01-22 14:28 <DIR> d-------- C:\Program Files\Nero
2008-01-22 14:28 . 2008-01-22 14:30 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-20 22:57 . 2008-01-20 23:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-20 22:43 . 2008-01-20 22:43 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-20 22:43 . 2008-01-21 17:46 <DIR> d-------- C:\WINDOWS\peernet
2008-01-20 22:36 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002393_.tmp
2008-01-20 22:34 . 2008-01-21 17:46 <DIR> d-------- C:\WINDOWS\EHome
2008-01-20 16:46 . 2008-01-20 16:46 395,776 --a------ C:\WINDOWS\system32\drone.exe
2008-01-20 16:46 . 2008-01-20 16:46 395,776 -r-hs---- C:\WINDOWS\system\wcntfysvc.exe
2008-01-20 16:46 . 2008-01-20 16:46 70 --a------ C:\WINDOWS\system32\i
2008-01-20 15:47 . 2008-01-20 15:49 23,294 --ah----- C:\WINDOWS\system32\wtcopijj.exe
2008-01-20 15:47 . 2008-01-20 15:48 20,916 --ah----- C:\WINDOWS\system32\itup.exe
2008-01-20 00:45 . 2008-01-20 17:14 38,324 --a------ C:\WINDOWS\system32\sysinfo.exe
2008-01-20 00:45 . 2008-01-24 21:16 61 --a------ C:\WINDOWS\system32\o
2008-01-20 00:32 . 2008-01-20 00:32 3,584 --ah----- C:\WINDOWS\system32\aefgu.exe
2008-01-20 00:31 . 2008-01-20 00:31 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-20 00:31 . 2008-01-20 00:31 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-20 00:31 . 2008-01-20 00:31 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-18 21:04 . 2008-01-18 21:05 <DIR> d-------- C:\Program Files\uTorrent
2008-01-17 20:11 . 2008-01-17 20:11 <DIR> d-------- C:\Program Files\Ventrilo
2008-01-17 20:11 . 2008-01-17 20:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 18:37 . 2008-01-14 18:37 <DIR> d-------- C:\Temp
2008-01-13 14:57 . 2008-01-13 14:57 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-01-13 14:57 . 2008-01-13 15:08 30,970 --a------ C:\WINDOWS\DIIUnin.dat
2008-01-13 14:57 . 2008-01-13 14:57 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-01-13 02:27 . 2008-01-13 02:27 <DIR> d-------- C:\Program Files\ffdshow
2008-01-13 02:27 . 2008-01-13 02:27 <DIR> d-------- C:\Program Files\DivX Player Pro
2008-01-12 12:14 . 2008-01-12 12:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-12 11:54 . 2008-01-12 11:54 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-12 11:37 . 2008-01-13 15:04 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-12 11:37 . 2008-01-13 15:04 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-12 11:37 . 2008-01-13 15:04 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-09 23:06 . 2008-01-13 14:56 <DIR> d-------- C:\Games
2008-01-07 15:38 . 2008-01-07 15:43 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-01-07 15:38 . 2008-01-07 15:46 68,704 --a------ C:\WINDOWS\War3Unin.dat
2008-01-07 15:38 . 2008-01-07 15:43 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-01-05 23:47 . 2008-01-06 02:45 <DIR> d-------- C:\Program Files\BitComet
2008-01-05 23:47 . 2008-01-22 20:03 <DIR> d-------- C:\Downloads
2008-01-05 23:47 . 2008-01-05 23:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-01-05 15:45 . 2008-01-05 15:45 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-01-03 22:59 . 2008-01-03 22:59 <DIR> d-------- C:\Program Files\Lavalys
2008-01-03 20:42 . 2008-01-23 09:04 <DIR> d-------- C:\Program Files\Testy Autoçkola
2007-12-31 17:22 . 2007-12-31 17:22 <DIR> d-------- C:\Program Files\Opera
2007-12-31 10:18 . 2008-01-21 00:31 <DIR> d-------- C:\Program Files\ICQToolbar
2007-12-31 10:18 . 2008-01-15 15:57 <DIR> d-------- C:\Program Files\ICQLite
2007-12-30 23:28 . 2007-12-30 23:28 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-12-30 23:15 . 2007-12-30 23:15 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-30 23:11 . 2008-01-21 01:03 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-30 23:10 . 2007-12-30 23:11 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 23:08 . 2007-12-30 23:08 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 22:56 . 2007-12-30 22:56 <DIR> d-------- C:\Need.for.Speed.Underground.2
2007-12-30 22:42 . 2008-01-24 12:45 350 --a------ C:\WINDOWS\RefreshLock.ini
2007-12-30 22:40 . 2007-12-30 23:28 <DIR> d-------- C:\Program Files\totalcmd
2007-12-30 22:40 . 2008-01-20 12:36 2,519 --a------ C:\WINDOWS\wincmd.ini
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\UC.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-12-30 22:39 . 2008-01-20 14:00 <DIR> d-------- C:\Program Files\Webteh
2007-12-30 22:39 . 2007-12-30 22:39 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-30 22:38 . 2007-12-30 22:38 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-30 22:29 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-30 22:29 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-30 22:29 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-30 22:29 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-12-30 22:29 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-12-30 22:29 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-12-30 22:29 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-12-30 22:11 . 2007-12-30 22:11 <DIR> d-------- C:\Program Files\QIP
2007-12-30 22:03 . 2007-12-30 22:03 <DIR> d-------- C:\Program Files\Logitech
2007-12-30 22:03 . 2007-12-30 22:03 <DIR> d-------- C:\Program Files\Common Files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 15:12 --------- d-----w C:\Program Files\Yahoo!
2008-01-23 08:04 --------- d-----w C:\Program Files\Testy Autoškola
2008-01-20 21:44 8,972 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2008-01-19 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 23:13 --------- d-----w C:\Program Files\Gigabyte
2007-12-30 21:03 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-12-30 20:54 --------- d-----w C:\Program Files\ATI Technologies
2007-12-30 20:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-30 20:53 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-12-30 20:43 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-30 20:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-30 20:12 --------- d-----w C:\Program Files\Realtek
2007-12-30 20:09 --------- d-----w C:\Program Files\Intel
2007-12-30 19:51 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-30 19:47 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-30 19:46 558,142 ----a-w C:\WINDOWS\java\Packages\ekchbxvt.zip
2007-12-30 19:46 155,995 ----a-w C:\WINDOWS\java\Packages\m4h71nnv.zip
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-25 16:35 2776576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-01-25 16:36]
R2 AccessSharing;Internet Connection Sharing Firewall Service;"C:\WINDOWS\system\wcntfysvc.exe" [2008-01-20 16:46]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-30 21:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 17:11:37
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-25 17:13:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 16:13:00
ComboFix 08-01-23.1C - milda 2008-01-25 17:03:25.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.539 [GMT 1:00]
Running from: C:\Documents and Settings\milda\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\hqghumea.dll
C:\WINDOWS\system32\jrxeoqsw.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-25 17:11 . 2008-01-25 17:11 520 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-25 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 16:36 . 2008-01-25 16:36 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-25 16:33 . 2008-01-25 16:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-25 16:33 . 2008-01-25 16:34 <DIR> d-------- C:\Program Files\Crawler
2008-01-25 16:22 . 2008-01-25 16:22 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-25 16:11 . 2008-01-25 16:12 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 21:41 . 2008-01-24 21:42 <DIR> d-------- C:\Program Files\Hero Editor
2008-01-24 21:41 . 2008-01-24 21:41 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-24 21:41 . 2008-01-24 21:41 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-22 21:15 . 2008-01-22 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-22 15:16 . 2008-01-23 09:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-22 14:28 . 2008-01-22 14:28 <DIR> d-------- C:\Program Files\Nero
2008-01-22 14:28 . 2008-01-22 14:30 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-20 22:57 . 2008-01-20 23:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-20 22:43 . 2008-01-20 22:43 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-20 22:43 . 2008-01-21 17:46 <DIR> d-------- C:\WINDOWS\peernet
2008-01-20 22:36 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002393_.tmp
2008-01-20 22:34 . 2008-01-21 17:46 <DIR> d-------- C:\WINDOWS\EHome
2008-01-20 16:46 . 2008-01-20 16:46 395,776 --a------ C:\WINDOWS\system32\drone.exe
2008-01-20 16:46 . 2008-01-20 16:46 395,776 -r-hs---- C:\WINDOWS\system\wcntfysvc.exe
2008-01-20 16:46 . 2008-01-20 16:46 70 --a------ C:\WINDOWS\system32\i
2008-01-20 15:47 . 2008-01-20 15:49 23,294 --ah----- C:\WINDOWS\system32\wtcopijj.exe
2008-01-20 15:47 . 2008-01-20 15:48 20,916 --ah----- C:\WINDOWS\system32\itup.exe
2008-01-20 00:45 . 2008-01-20 17:14 38,324 --a------ C:\WINDOWS\system32\sysinfo.exe
2008-01-20 00:45 . 2008-01-24 21:16 61 --a------ C:\WINDOWS\system32\o
2008-01-20 00:32 . 2008-01-20 00:32 3,584 --ah----- C:\WINDOWS\system32\aefgu.exe
2008-01-20 00:31 . 2008-01-20 00:31 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-20 00:31 . 2008-01-20 00:31 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-20 00:31 . 2008-01-20 00:31 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-18 21:04 . 2008-01-18 21:05 <DIR> d-------- C:\Program Files\uTorrent
2008-01-17 20:11 . 2008-01-17 20:11 <DIR> d-------- C:\Program Files\Ventrilo
2008-01-17 20:11 . 2008-01-17 20:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 18:37 . 2008-01-14 18:37 <DIR> d-------- C:\Temp
2008-01-13 14:57 . 2008-01-13 14:57 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-01-13 14:57 . 2008-01-13 15:08 30,970 --a------ C:\WINDOWS\DIIUnin.dat
2008-01-13 14:57 . 2008-01-13 14:57 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-01-13 02:27 . 2008-01-13 02:27 <DIR> d-------- C:\Program Files\ffdshow
2008-01-13 02:27 . 2008-01-13 02:27 <DIR> d-------- C:\Program Files\DivX Player Pro
2008-01-12 12:14 . 2008-01-12 12:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-12 11:54 . 2008-01-12 11:54 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-12 11:37 . 2008-01-13 15:04 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-12 11:37 . 2008-01-13 15:04 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-12 11:37 . 2008-01-13 15:04 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-09 23:06 . 2008-01-13 14:56 <DIR> d-------- C:\Games
2008-01-07 15:38 . 2008-01-07 15:43 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-01-07 15:38 . 2008-01-07 15:46 68,704 --a------ C:\WINDOWS\War3Unin.dat
2008-01-07 15:38 . 2008-01-07 15:43 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-01-05 23:47 . 2008-01-06 02:45 <DIR> d-------- C:\Program Files\BitComet
2008-01-05 23:47 . 2008-01-22 20:03 <DIR> d-------- C:\Downloads
2008-01-05 23:47 . 2008-01-05 23:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-01-05 15:45 . 2008-01-05 15:45 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-01-03 22:59 . 2008-01-03 22:59 <DIR> d-------- C:\Program Files\Lavalys
2008-01-03 20:42 . 2008-01-23 09:04 <DIR> d-------- C:\Program Files\Testy Autoçkola
2007-12-31 17:22 . 2007-12-31 17:22 <DIR> d-------- C:\Program Files\Opera
2007-12-31 10:18 . 2008-01-21 00:31 <DIR> d-------- C:\Program Files\ICQToolbar
2007-12-31 10:18 . 2008-01-15 15:57 <DIR> d-------- C:\Program Files\ICQLite
2007-12-30 23:28 . 2007-12-30 23:28 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-12-30 23:15 . 2007-12-30 23:15 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-30 23:11 . 2008-01-21 01:03 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-30 23:10 . 2007-12-30 23:11 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 23:08 . 2007-12-30 23:08 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 22:56 . 2007-12-30 22:56 <DIR> d-------- C:\Need.for.Speed.Underground.2
2007-12-30 22:42 . 2008-01-24 12:45 350 --a------ C:\WINDOWS\RefreshLock.ini
2007-12-30 22:40 . 2007-12-30 23:28 <DIR> d-------- C:\Program Files\totalcmd
2007-12-30 22:40 . 2008-01-20 12:36 2,519 --a------ C:\WINDOWS\wincmd.ini
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\UC.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-12-30 22:39 . 2008-01-20 14:00 <DIR> d-------- C:\Program Files\Webteh
2007-12-30 22:39 . 2007-12-30 22:39 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-30 22:38 . 2007-12-30 22:38 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-30 22:29 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-30 22:29 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-30 22:29 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-30 22:29 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-12-30 22:29 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-12-30 22:29 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-12-30 22:29 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-12-30 22:11 . 2007-12-30 22:11 <DIR> d-------- C:\Program Files\QIP
2007-12-30 22:03 . 2007-12-30 22:03 <DIR> d-------- C:\Program Files\Logitech
2007-12-30 22:03 . 2007-12-30 22:03 <DIR> d-------- C:\Program Files\Common Files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 15:12 --------- d-----w C:\Program Files\Yahoo!
2008-01-23 08:04 --------- d-----w C:\Program Files\Testy Autoškola
2008-01-20 21:44 8,972 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2008-01-19 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 23:13 --------- d-----w C:\Program Files\Gigabyte
2007-12-30 21:03 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-12-30 20:54 --------- d-----w C:\Program Files\ATI Technologies
2007-12-30 20:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-30 20:53 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-12-30 20:43 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-30 20:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-30 20:12 --------- d-----w C:\Program Files\Realtek
2007-12-30 20:09 --------- d-----w C:\Program Files\Intel
2007-12-30 19:51 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-30 19:47 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-30 19:46 558,142 ----a-w C:\WINDOWS\java\Packages\ekchbxvt.zip
2007-12-30 19:46 155,995 ----a-w C:\WINDOWS\java\Packages\m4h71nnv.zip
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-25 16:35 2776576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-01-25 16:36]
R2 AccessSharing;Internet Connection Sharing Firewall Service;"C:\WINDOWS\system\wcntfysvc.exe" [2008-01-20 16:46]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-30 21:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 17:11:37
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-25 17:13:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 16:13:00
- BUBINO
- Začátečník
-
- Registrován: 12. čer 2007
- Bydliště: Mám
Nieco zmazalo.
Stiahni si avenger :
http://www.viry.cz/forum/viewtopic.php?t=19832
Dopracuj sa k tomu okne ktore je v navode a do neho skopiruj toto:
Po restarte naskoci log. Ten skopiruj sem. (c:\avenger.txt)
Ako to urobis, tak urob novy log z combofixu a ten hod sem.
Toto otestuj na virustotal.com :
Do okna skopiruj cesty k suboro, uploadni a vysledky sem daj.
C:\WINDOWS\system32\drone.exe
C:\WINDOWS\system32\itup.exe
C:\WINDOWS\java\Packages\m4h71nnv.zip
C:\WINDOWS\java\Packages\ekchbxvt.zip
C:\WINDOWS\gdrv.sys
Zlozku c:\temp mozes manualne zmazat.
Stiahni si avenger :
http://www.viry.cz/forum/viewtopic.php?t=19832
Dopracuj sa k tomu okne ktore je v navode a do neho skopiruj toto:
DONE >> SEMAFOR >> OKDrivers to unload:
AccessSharing
Files to delete:
C:\WINDOWS\002393_.tmp
C:\WINDOWS\system\wcntfysvc.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\wtcopijj.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\aefgu.exe
C:\WINDOWS\system32\sysinfo.exe
Po restarte naskoci log. Ten skopiruj sem. (c:\avenger.txt)
Ako to urobis, tak urob novy log z combofixu a ten hod sem.
Toto otestuj na virustotal.com :
Do okna skopiruj cesty k suboro, uploadni a vysledky sem daj.
C:\WINDOWS\system32\drone.exe
C:\WINDOWS\system32\itup.exe
C:\WINDOWS\java\Packages\m4h71nnv.zip
C:\WINDOWS\java\Packages\ekchbxvt.zip
C:\WINDOWS\gdrv.sys
Zlozku c:\temp mozes manualne zmazat.
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
- BUBINO
- Začátečník
-
- Registrován: 12. čer 2007
- Bydliště: Mám
Skopiruj tento text :
Pocitac sa restartuje.
Do toho policka. Klikni na DONE, potom na Semafor a nasledne potvrd OK.Drivers to unload:
AccessSharing
Files to delete:
C:\WINDOWS\002393_.tmp
C:\WINDOWS\system\wcntfysvc.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\wtcopijj.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\aefgu.exe
C:\WINDOWS\system32\sysinfo.exe
Pocitac sa restartuje.
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
Jo ja vim,pak sem to zistil 
Sem dobrej na cloveka ktery tomu nerozumí 
No ale nestihl sem to napsat pac se me resl PC a vyjelo me toto :
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\otbvjgwf
*******************
Script file located at: \??\C:\WINDOWS\pvwtqnll.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver AccessSharing unloaded successfully.
File C:\WINDOWS\002393_.tmp deleted successfully.
File C:\WINDOWS\system\wcntfysvc.exe deleted successfully.
File C:\WINDOWS\system32\i deleted successfully.
File C:\WINDOWS\system32\wtcopijj.exe deleted successfully.
File C:\WINDOWS\system32\o deleted successfully.
File C:\WINDOWS\system32\aefgu.exe deleted successfully.
File C:\WINDOWS\system32\sysinfo.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Sem dobrej na cloveka ktery tomu nerozumí No ale nestihl sem to napsat pac se me resl PC a vyjelo me toto :Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\otbvjgwf
*******************
Script file located at: \??\C:\WINDOWS\pvwtqnll.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver AccessSharing unloaded successfully.
File C:\WINDOWS\002393_.tmp deleted successfully.
File C:\WINDOWS\system\wcntfysvc.exe deleted successfully.
File C:\WINDOWS\system32\i deleted successfully.
File C:\WINDOWS\system32\wtcopijj.exe deleted successfully.
File C:\WINDOWS\system32\o deleted successfully.
File C:\WINDOWS\system32\aefgu.exe deleted successfully.
File C:\WINDOWS\system32\sysinfo.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
- BUBINO
- Začátečník
-
- Registrován: 12. čer 2007
- Bydliště: Mám
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
- BUBINO
- Začátečník
-
- Registrován: 12. čer 2007
- Bydliště: Mám
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
ComboFix 08-01-23.1C - milda 2008-01-25 18:11:58.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.665 [GMT 1:00]
Running from: C:\Documents and Settings\milda\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-25 17:11 . 2008-01-25 17:59 25,618 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-25 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 16:36 . 2008-01-25 16:36 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-25 16:33 . 2008-01-25 18:03 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-25 16:33 . 2008-01-25 16:34 <DIR> d-------- C:\Program Files\Crawler
2008-01-25 16:22 . 2008-01-25 16:22 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-25 16:11 . 2008-01-25 16:12 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 21:41 . 2008-01-24 21:42 <DIR> d-------- C:\Program Files\Hero Editor
2008-01-24 21:41 . 2008-01-24 21:41 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-24 21:41 . 2008-01-24 21:41 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-22 21:15 . 2008-01-22 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-22 15:16 . 2008-01-23 09:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-22 14:28 . 2008-01-22 14:28 <DIR> d-------- C:\Program Files\Nero
2008-01-22 14:28 . 2008-01-22 14:30 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-20 22:57 . 2008-01-20 23:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-20 22:43 . 2008-01-20 22:43 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-20 22:43 . 2008-01-21 17:46 <DIR> d-------- C:\WINDOWS\peernet
2008-01-20 22:34 . 2008-01-21 17:46 <DIR> d-------- C:\WINDOWS\EHome
2008-01-20 16:46 . 2008-01-20 16:46 395,776 --a------ C:\WINDOWS\system32\drone.exe
2008-01-20 15:47 . 2008-01-20 15:48 20,916 --ah----- C:\WINDOWS\system32\itup.exe
2008-01-18 21:04 . 2008-01-18 21:05 <DIR> d-------- C:\Program Files\uTorrent
2008-01-17 20:11 . 2008-01-17 20:11 <DIR> d-------- C:\Program Files\Ventrilo
2008-01-17 20:11 . 2008-01-17 20:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 14:57 . 2008-01-13 14:57 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-01-13 14:57 . 2008-01-13 15:08 30,970 --a------ C:\WINDOWS\DIIUnin.dat
2008-01-13 14:57 . 2008-01-13 14:57 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-01-13 02:27 . 2008-01-13 02:27 <DIR> d-------- C:\Program Files\ffdshow
2008-01-13 02:27 . 2008-01-13 02:27 <DIR> d-------- C:\Program Files\DivX Player Pro
2008-01-12 12:14 . 2008-01-12 12:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-12 11:54 . 2008-01-12 11:54 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-12 11:37 . 2008-01-13 15:04 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-12 11:37 . 2008-01-13 15:04 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-12 11:37 . 2008-01-13 15:04 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-09 23:06 . 2008-01-13 14:56 <DIR> d-------- C:\Games
2008-01-07 15:38 . 2008-01-07 15:43 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-01-07 15:38 . 2008-01-07 15:46 68,704 --a------ C:\WINDOWS\War3Unin.dat
2008-01-07 15:38 . 2008-01-07 15:43 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-01-05 23:47 . 2008-01-06 02:45 <DIR> d-------- C:\Program Files\BitComet
2008-01-05 23:47 . 2008-01-22 20:03 <DIR> d-------- C:\Downloads
2008-01-05 23:47 . 2008-01-05 23:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-01-05 15:45 . 2008-01-05 15:45 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-01-03 22:59 . 2008-01-03 22:59 <DIR> d-------- C:\Program Files\Lavalys
2008-01-03 20:42 . 2008-01-23 09:04 <DIR> d-------- C:\Program Files\Testy Autoškola
2007-12-31 17:22 . 2007-12-31 17:22 <DIR> d-------- C:\Program Files\Opera
2007-12-31 10:18 . 2008-01-21 00:31 <DIR> d-------- C:\Program Files\ICQToolbar
2007-12-31 10:18 . 2008-01-15 15:57 <DIR> d-------- C:\Program Files\ICQLite
2007-12-30 23:28 . 2007-12-30 23:28 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-12-30 23:15 . 2007-12-30 23:15 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-30 23:11 . 2008-01-21 01:03 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-30 23:10 . 2007-12-30 23:11 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 23:08 . 2007-12-30 23:08 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 22:56 . 2007-12-30 22:56 <DIR> d-------- C:\Need.for.Speed.Underground.2
2007-12-30 22:42 . 2008-01-24 12:45 350 --a------ C:\WINDOWS\RefreshLock.ini
2007-12-30 22:40 . 2007-12-30 23:28 <DIR> d-------- C:\Program Files\totalcmd
2007-12-30 22:40 . 2008-01-20 12:36 2,519 --a------ C:\WINDOWS\wincmd.ini
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\UC.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-12-30 22:39 . 2008-01-20 14:00 <DIR> d-------- C:\Program Files\Webteh
2007-12-30 22:39 . 2007-12-30 22:39 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-30 22:38 . 2007-12-30 22:38 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-30 22:29 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-30 22:29 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-30 22:29 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-30 22:29 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-12-30 22:29 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-12-30 22:29 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-12-30 22:29 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-12-30 22:11 . 2007-12-30 22:11 <DIR> d-------- C:\Program Files\QIP
2007-12-30 22:03 . 2007-12-30 22:03 <DIR> d-------- C:\Program Files\Logitech
2007-12-30 22:03 . 2007-12-30 22:03 <DIR> d-------- C:\Program Files\Common Files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 15:12 --------- d-----w C:\Program Files\Yahoo!
2008-01-20 21:44 8,972 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2008-01-19 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 23:13 --------- d-----w C:\Program Files\Gigabyte
2007-12-30 21:03 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-12-30 20:54 --------- d-----w C:\Program Files\ATI Technologies
2007-12-30 20:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-30 20:53 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-12-30 20:43 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-30 20:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-30 20:12 --------- d-----w C:\Program Files\Realtek
2007-12-30 20:09 --------- d-----w C:\Program Files\Intel
2007-12-30 19:51 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-30 19:47 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-30 19:46 558,142 ----a-w C:\WINDOWS\java\Packages\ekchbxvt.zip
2007-12-30 19:46 155,995 ----a-w C:\WINDOWS\java\Packages\m4h71nnv.zip
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-25_17.12.14.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 15:24:00 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-25 17:03:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-25 15:24:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-25 17:03:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-25 15:24:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-25 17:03:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 05:29:43 68,736 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-01-25 16:12:10 68,736 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-01-21 05:29:43 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 16:12:10 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-21 05:29:43 389,664 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-01-25 16:12:10 389,664 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-01-21 05:29:43 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 16:12:10 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-25 16:35 2776576]
"ohulvnsl"="C:\gbgllhqu.bat" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-01-25 16:36]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S0 otbvjgwf;otbvjgwf;C:\WINDOWS\System32\drivers\niiwmufm.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-30 21:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 18:17:27
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-25 18:18:38
ComboFix-quarantined-files.txt 2008-01-25 17:18:32
ComboFix2.txt 2008-01-25 16:13:09
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.665 [GMT 1:00]
Running from: C:\Documents and Settings\milda\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-25 17:11 . 2008-01-25 17:59 25,618 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-25 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 16:36 . 2008-01-25 16:36 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-25 16:33 . 2008-01-25 18:03 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-25 16:33 . 2008-01-25 16:34 <DIR> d-------- C:\Program Files\Crawler
2008-01-25 16:22 . 2008-01-25 16:22 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-25 16:11 . 2008-01-25 16:12 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 21:41 . 2008-01-24 21:42 <DIR> d-------- C:\Program Files\Hero Editor
2008-01-24 21:41 . 2008-01-24 21:41 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-24 21:41 . 2008-01-24 21:41 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-22 21:15 . 2008-01-22 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-22 15:16 . 2008-01-23 09:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-22 14:28 . 2008-01-22 14:28 <DIR> d-------- C:\Program Files\Nero
2008-01-22 14:28 . 2008-01-22 14:30 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-20 22:57 . 2008-01-20 23:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-20 22:43 . 2008-01-20 22:43 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-20 22:43 . 2008-01-21 17:46 <DIR> d-------- C:\WINDOWS\peernet
2008-01-20 22:34 . 2008-01-21 17:46 <DIR> d-------- C:\WINDOWS\EHome
2008-01-20 16:46 . 2008-01-20 16:46 395,776 --a------ C:\WINDOWS\system32\drone.exe
2008-01-20 15:47 . 2008-01-20 15:48 20,916 --ah----- C:\WINDOWS\system32\itup.exe
2008-01-18 21:04 . 2008-01-18 21:05 <DIR> d-------- C:\Program Files\uTorrent
2008-01-17 20:11 . 2008-01-17 20:11 <DIR> d-------- C:\Program Files\Ventrilo
2008-01-17 20:11 . 2008-01-17 20:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 14:57 . 2008-01-13 14:57 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-01-13 14:57 . 2008-01-13 15:08 30,970 --a------ C:\WINDOWS\DIIUnin.dat
2008-01-13 14:57 . 2008-01-13 14:57 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-01-13 02:27 . 2008-01-13 02:27 <DIR> d-------- C:\Program Files\ffdshow
2008-01-13 02:27 . 2008-01-13 02:27 <DIR> d-------- C:\Program Files\DivX Player Pro
2008-01-12 12:14 . 2008-01-12 12:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-12 11:54 . 2008-01-12 11:54 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-12 11:37 . 2008-01-13 15:04 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-12 11:37 . 2008-01-13 15:04 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-12 11:37 . 2008-01-13 15:04 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-09 23:06 . 2008-01-13 14:56 <DIR> d-------- C:\Games
2008-01-07 15:38 . 2008-01-07 15:43 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-01-07 15:38 . 2008-01-07 15:46 68,704 --a------ C:\WINDOWS\War3Unin.dat
2008-01-07 15:38 . 2008-01-07 15:43 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-01-05 23:47 . 2008-01-06 02:45 <DIR> d-------- C:\Program Files\BitComet
2008-01-05 23:47 . 2008-01-22 20:03 <DIR> d-------- C:\Downloads
2008-01-05 23:47 . 2008-01-05 23:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-01-05 15:45 . 2008-01-05 15:45 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-01-03 22:59 . 2008-01-03 22:59 <DIR> d-------- C:\Program Files\Lavalys
2008-01-03 20:42 . 2008-01-23 09:04 <DIR> d-------- C:\Program Files\Testy Autoškola
2007-12-31 17:22 . 2007-12-31 17:22 <DIR> d-------- C:\Program Files\Opera
2007-12-31 10:18 . 2008-01-21 00:31 <DIR> d-------- C:\Program Files\ICQToolbar
2007-12-31 10:18 . 2008-01-15 15:57 <DIR> d-------- C:\Program Files\ICQLite
2007-12-30 23:28 . 2007-12-30 23:28 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-12-30 23:15 . 2007-12-30 23:15 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-30 23:11 . 2008-01-21 01:03 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-30 23:10 . 2007-12-30 23:11 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 23:08 . 2007-12-30 23:08 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 22:56 . 2007-12-30 22:56 <DIR> d-------- C:\Need.for.Speed.Underground.2
2007-12-30 22:42 . 2008-01-24 12:45 350 --a------ C:\WINDOWS\RefreshLock.ini
2007-12-30 22:40 . 2007-12-30 23:28 <DIR> d-------- C:\Program Files\totalcmd
2007-12-30 22:40 . 2008-01-20 12:36 2,519 --a------ C:\WINDOWS\wincmd.ini
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\UC.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-12-30 22:40 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-12-30 22:39 . 2008-01-20 14:00 <DIR> d-------- C:\Program Files\Webteh
2007-12-30 22:39 . 2007-12-30 22:39 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-30 22:38 . 2007-12-30 22:38 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-30 22:29 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-30 22:29 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-30 22:29 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-30 22:29 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-12-30 22:29 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-12-30 22:29 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-12-30 22:29 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-12-30 22:11 . 2007-12-30 22:11 <DIR> d-------- C:\Program Files\QIP
2007-12-30 22:03 . 2007-12-30 22:03 <DIR> d-------- C:\Program Files\Logitech
2007-12-30 22:03 . 2007-12-30 22:03 <DIR> d-------- C:\Program Files\Common Files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 15:12 --------- d-----w C:\Program Files\Yahoo!
2008-01-20 21:44 8,972 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2008-01-19 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 23:13 --------- d-----w C:\Program Files\Gigabyte
2007-12-30 21:03 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-12-30 20:54 --------- d-----w C:\Program Files\ATI Technologies
2007-12-30 20:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-30 20:53 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-12-30 20:43 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-30 20:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-30 20:12 --------- d-----w C:\Program Files\Realtek
2007-12-30 20:09 --------- d-----w C:\Program Files\Intel
2007-12-30 19:51 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-30 19:47 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-30 19:46 558,142 ----a-w C:\WINDOWS\java\Packages\ekchbxvt.zip
2007-12-30 19:46 155,995 ----a-w C:\WINDOWS\java\Packages\m4h71nnv.zip
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-25_17.12.14.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 15:24:00 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-25 17:03:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-25 15:24:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-25 17:03:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-25 15:24:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-25 17:03:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 05:29:43 68,736 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-01-25 16:12:10 68,736 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-01-21 05:29:43 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 16:12:10 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-21 05:29:43 389,664 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-01-25 16:12:10 389,664 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-01-21 05:29:43 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 16:12:10 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-25 16:35 2776576]
"ohulvnsl"="C:\gbgllhqu.bat" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-01-25 16:36]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S0 otbvjgwf;otbvjgwf;C:\WINDOWS\System32\drivers\niiwmufm.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-30 21:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 18:17:27
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-25 18:18:38
ComboFix-quarantined-files.txt 2008-01-25 17:18:32
ComboFix2.txt 2008-01-25 16:13:09
- BUBINO
- Začátečník
-
- Registrován: 12. čer 2007
- Bydliště: Mám
Dalsie smejdy pribudli.
Do avengera skopiruj toto:
Po restarte log.
C:\WINDOWS\RefreshLock.ini
C:\WINDOWS\system32\drone.exe
C:\WINDOWS\system32\itup.exe
C:\WINDOWS\java\Packages\m4h71nnv.zip
C:\WINDOWS\java\Packages\ekchbxvt.zip
C:\WINDOWS\gdrv.sys
Potrebujem, aby si tieto veci otestoval na virustotal.com
Ked to urobis, tak si stiahni mwav :
http://www.viry.cz/forum/viewtopic.php?t=4097
Podla navodu ho spravne nastav a nezabudni updatovat. Nechaj skenovanie zapnute a ponom, sem daj obsah celeho dolneho okna.Nie horneho!
Do avengera skopiruj toto:
DONE >> SEMAFOR >> OKDrivers to unload:
otbvjgwf
Files to delete:
C:\WINDOWS\System32\drivers\niiwmufm.sys
C:\gbgllhqu.bat
C:\WINDOWS\system32\bitcometres.dll
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | ohulvnsl
Po restarte log.
C:\WINDOWS\RefreshLock.ini
C:\WINDOWS\system32\drone.exe
C:\WINDOWS\system32\itup.exe
C:\WINDOWS\java\Packages\m4h71nnv.zip
C:\WINDOWS\java\Packages\ekchbxvt.zip
C:\WINDOWS\gdrv.sys
Potrebujem, aby si tieto veci otestoval na virustotal.com
Ked to urobis, tak si stiahni mwav :
http://www.viry.cz/forum/viewtopic.php?t=4097
Podla navodu ho spravne nastav a nezabudni updatovat. Nechaj skenovanie zapnute a ponom, sem daj obsah celeho dolneho okna.Nie horneho!
- solda1
- Začátečník
-
- Registrován: 15. dub 2007
- Bydliště: Hodonín
- Kontaktovat uživatele:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bvlrokrl
*******************
Script file located at: \??\C:\WINDOWS\System32\xkccxbnk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver otbvjgwf unloaded successfully.
File C:\WINDOWS\System32\drivers\niiwmufm.sys not found!
Deletion of file C:\WINDOWS\System32\drivers\niiwmufm.sys failed!
Could not process line:
C:\WINDOWS\System32\drivers\niiwmufm.sys
Status: 0xc0000034
File C:\gbgllhqu.bat not found!
Deletion of file C:\gbgllhqu.bat failed!
Could not process line:
C:\gbgllhqu.bat
Status: 0xc0000034
File C:\WINDOWS\system32\bitcometres.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ohulvnsl deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
A jeste kdyz chcu na ten virustotal.com tak musim ty soubory do tej listy davat postupne jako .....
C:\WINDOWS\RefreshLock.ini
Dat soubor odeslat k analyze a pak zas dalsi atd... ? Nebo jak ? Nechapu to.
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bvlrokrl
*******************
Script file located at: \??\C:\WINDOWS\System32\xkccxbnk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver otbvjgwf unloaded successfully.
File C:\WINDOWS\System32\drivers\niiwmufm.sys not found!
Deletion of file C:\WINDOWS\System32\drivers\niiwmufm.sys failed!
Could not process line:
C:\WINDOWS\System32\drivers\niiwmufm.sys
Status: 0xc0000034
File C:\gbgllhqu.bat not found!
Deletion of file C:\gbgllhqu.bat failed!
Could not process line:
C:\gbgllhqu.bat
Status: 0xc0000034
File C:\WINDOWS\system32\bitcometres.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ohulvnsl deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
A jeste kdyz chcu na ten virustotal.com tak musim ty soubory do tej listy davat postupne jako .....
C:\WINDOWS\RefreshLock.ini
Dat soubor odeslat k analyze a pak zas dalsi atd... ? Nebo jak ? Nechapu to.