HijackThis utility + LOGS for review

Viruses and antivirus issues, PC security - firewall, spyware, etc.
Axident
Newbie
Registered: 12 Jan 2006

Sure...

Post by Axident »

...that I did; that was the first thing I did! And I'd say I did it the way it should be done...
SDFix spat out only this in Report.txt; I don't know whether that's how it should be:
SDFix: Version 1.129

Run by R on po 21.01.2008 at 09:42

Microsoft Windows XP [Verze 5.1.2600]

Running From: F:\PROGRA~1\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

ComboFix in a moment...
Axident
Newbie
Registered: 12 Jan 2006

ComboFix

Post by Axident »

ComboFix 08-01-20.1 - R 2008-01-21 13:31:34.5 - NTFSx86
Running from: C:\Documents and Settings\R\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 09:24 . 2008-01-21 13:43 <DIR> d-------- C:\Z_temp
2008-01-21 07:34 . 2008-01-21 07:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Barbie Fashion Show
2008-01-20 13:28 . 2008-01-21 10:03 1,752 --a------ C:\Documents and Settings\R\clean.reg
2008-01-20 13:14 . 2008-01-20 13:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-20 11:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 01:38 . 2008-01-15 01:38 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-09 18:51 . 2008-01-09 18:51 <DIR> d-------- C:\Documents and Settings\R\Data aplikací\Disney Interactive
2008-01-09 17:55 . 2008-01-09 17:56 <DIR> d-------- C:\Documents and Settings\R\Data aplikací\Spectaculator
2008-01-09 17:54 . 2008-01-09 17:54 <DIR> d-------- C:\Program Files\spectaculator.com
2008-01-03 00:20 . 2008-01-03 00:20 140 --a------ C:\_dele.bat
2007-12-31 11:39 . 2006-01-30 11:32 5,632 --a------ C:\WINDOWS\system32\pxc25pm.dll
2007-12-28 18:58 . 2007-12-28 18:58 <DIR> d-------- C:\Program Files\eRightSoft
2007-12-28 18:58 . 2006-09-12 11:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2007-12-28 18:58 . 2006-03-10 21:48 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2007-12-28 18:58 . 2006-05-03 10:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-12-28 18:58 . 2005-11-25 20:46 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2007-12-28 18:58 . 2006-01-12 23:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2007-12-28 18:58 . 2005-02-22 16:55 81,920 -r-hs---- C:\WINDOWS\system32\aac_parser.ax
2007-12-28 18:58 . 2003-11-20 23:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2007-12-28 18:58 . 2004-04-26 23:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2007-12-28 18:58 . 2007-02-21 11:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-12-28 18:58 . 2007-07-03 06:59 9,292 ---h----- C:\WINDOWS\super.chm
2007-12-27 11:23 . 2007-12-27 11:23 1,409 --a------ C:\WINDOWS\system32\tmpEDEFA.FOT
2007-12-27 11:23 . 2007-12-27 11:23 1,409 --a------ C:\WINDOWS\system32\tmpA1FFA.FOT
2007-12-24 07:21 . 2007-12-24 07:51 737 --a------ C:\WINDOWS\XMLEditor4.INI
2007-12-23 19:07 . 2007-12-23 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\eGames
2007-12-23 12:48 . 2007-12-23 12:48 <DIR> d-------- C:\Documents and Settings\R\Data aplikací\eGames
2007-12-21 21:11 . 2007-12-21 21:11 <DIR> d-------- C:\Documents and Settings\R\Data aplikací\Složka odesílání Share-to-Web

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 08:52 158,226 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-01-21 07:56 --------- d-----w C:\Documents and Settings\R\Data aplikací\uTorrent
2008-01-20 10:34 --------- d-----w C:\Program Files\Trillian
2008-01-20 07:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 06:56 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-20 06:24 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-19 08:49 --------- d-----w C:\Program Files\FisherPriceToyland
2008-01-19 03:18 --------- d-----w C:\Documents and Settings\R\Data aplikací\Azureus
2008-01-17 03:24 --------- d-----w C:\Documents and Settings\R\Data aplikací\Vso
2008-01-15 21:42 --------- d-----w C:\Program Files\Pinnacle
2008-01-13 14:48 --------- d-----w C:\Program Files\Hello Kitty Dream Carnival
2008-01-09 22:57 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
2008-01-08 03:51 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-05 07:30 --------- d-----w C:\Program Files\Total Video Converter
2008-01-02 23:30 --------- d-----w C:\Program Files\Všeználek to ví
2008-01-02 23:19 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 13:59 --------- d-----w C:\Documents and Settings\R\Data aplikací\MyPhoneExplorer
2007-12-28 05:09 --------- d-----w C:\Program Files\Azureus
2007-12-27 16:53 --------- d-----w C:\Program Files\Google
2007-12-27 11:24 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-12-24 06:57 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-24 06:57 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2007-12-15 08:07 --------- d-----w C:\Program Files\IDOS
2007-12-15 06:54 --------- d-----w C:\Documents and Settings\R\Data aplikací\MetaProducts
2007-12-13 00:19 --------- d-----w C:\Program Files\Security Task Manager
2007-12-12 03:48 --------- d-----w C:\Program Files\Ashampoo
2007-12-09 11:09 --------- d-----w C:\Program Files\Jigsaws
2007-12-09 07:08 --------- d-----w C:\Program Files\Supercow
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 00:22 --------- d-----w C:\Program Files\OO Software
2007-11-26 04:46 --------- d-----w C:\Documents and Settings\R\Data aplikací\foobar2000
2007-11-24 06:21 --------- d-----w C:\Program Files\Nexus Radio
2007-11-23 17:49 --------- d-----w C:\Documents and Settings\R\Data aplikací\PlayFirst
2007-11-23 17:49 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PlayFirst
2007-11-22 10:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-22 10:30 --------- d--h--r C:\Documents and Settings\R\Data aplikací\SecuROM
2007-11-22 07:01 --------- d-----w C:\Program Files\Disney Interactive
2007-11-21 13:15 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\vsosdk
2007-11-07 09:29 720,896 ------w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 15:28 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS\system32\quartz.dll
2007-02-27 17:55 87,608 ----a-w C:\Documents and Settings\R\Data aplikací\ezpinst.exe
2007-02-27 17:55 47,360 ----a-w C:\Documents and Settings\R\Data aplikací\pcouffin.sys
2006-09-28 15:22 91,265 ----a-w C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 15:22 49,149 ----a-w C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 15:21 41,996 ----a-w C:\Program Files\dxdllreg_x86.cab
2006-09-28 15:21 183,321 ----a-w C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 15:21 138,977 ----a-w C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 15:21 1,413,862 ----a-w C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 15:21 1,128,177 ----a-w C:\Program Files\OCT2006_d3dx9_31_x86.cab
2006-09-28 14:55 976,020 ------w C:\Program Files\BDAXP.cab
2006-09-28 14:55 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2006-09-28 14:55 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
2006-09-28 14:55 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2006-09-28 14:55 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2006-09-28 14:55 82,374 ----a-w C:\Program Files\dxupdate.cab
2006-09-28 14:55 74,520 ----a-w C:\Program Files\DSETUP.dll
2006-09-28 14:55 703,080 ------w C:\Program Files\BDA.cab
2006-09-28 14:55 484,632 ----a-w C:\Program Files\DXSETUP.exe
2006-09-28 14:55 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
2006-09-28 14:55 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2006-09-28 14:55 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2006-09-28 14:55 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 14:55 2,248,984 ----a-w C:\Program Files\dsetup32.dll
2006-09-28 14:55 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
2006-09-28 14:55 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
2006-09-28 14:55 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2006-09-28 14:55 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2006-09-28 14:55 15,493,481 ------w C:\Program Files\DirectX.cab
2006-09-28 14:55 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab
2006-09-28 14:55 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab
2006-09-28 14:55 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
2006-09-28 14:55 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab
2006-09-28 14:55 13,265,040 ------w C:\Program Files\dxnt.cab
2006-09-28 14:55 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-09-28 14:55 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-09-28 14:55 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-09-28 14:55 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-09-28 14:55 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-09-28 14:55 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-09-28 14:55 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-09-28 14:55 1,156,363 ------w C:\Program Files\BDANT.cab
2006-09-28 14:55 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-09-28 14:55 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-09-28 14:55 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-09-28 14:55 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-09-28 14:55 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-09-28 14:55 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-09-28 14:55 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2006-02-23 12:53 90 ----a-w C:\Program Files\Crash.log
2005-11-12 09:26 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2007-08-27 19:49 23 --sha-w C:\WINDOWS\system32\abcbb0_r.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-20_12.13.50,67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 10:55:23 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 08:03:51 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 10:55:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 08:03:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 10:55:24 23,486,464 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-21 08:03:51 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 10:55:25 192,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 08:03:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 10:55:25 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-21 08:03:52 23,494,656 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-20 10:55:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 08:03:52 192,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 06:25:21 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-21 08:41:02 23,494,656 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-21 08:41:02 192,512 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-19 06:25:21 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-20 12:15:09 23,494,656 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-20 12:15:10 192,512 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-11-17 09:11:27 80,724 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-01-20 11:24:37 80,724 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2007-11-17 09:11:27 70,872 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-20 11:24:37 70,872 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-17 09:11:27 418,692 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-01-20 11:24:37 418,692 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2007-11-17 09:11:27 421,798 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-20 11:24:37 421,798 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"PC Dictionary"="" []
"OEXPRESS"="" []
"WEBTRAN"="" []
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12 517632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49 7286784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"pripominac"="F:\Software (F)\Připomínač\pripominac.exe" [2007-10-01 20:13 416256]
"BootSkin Startup Jobs"="C:\Program Files\BootSkin\BootSkin.exe" [2004-04-26 15:21 270336]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Spyware Doctor"="" []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2003-06-03 14:52]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 01:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2003-06-03 14:52]
R2 athsgt;athsgt;C:\WINDOWS\system32\DRIVERS\athsgt.sys [2006-02-04 15:19]
R2 limsgt;limsgt;C:\WINDOWS\system32\DRIVERS\limsgt.sys [2006-02-04 15:19]
R2 Nadim;NAD Proto Driver;C:\WINDOWS\system32\DRIVERS\nadim.sys [2005-05-30 22:27]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 08:56]
S0 vburner;vburner;C:\WINDOWS\system32\DRIVERS\vburner.sys [2007-08-10 12:10]
S0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 02:15]
S2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 12:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 12:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 12:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 12:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 12:12]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 20:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a3deb89-1581-11dc-ae78-00d009e41662}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47dff97c-5c85-11da-b38a-00d009e41662}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd05ae6-3a75-11da-b066-806d6172696f}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73f45e3b-5c83-11da-b29a-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a29ad16-3960-11da-b0e5-806d6172696f}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28ea383-5c81-11da-9b56-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b151a666-4955-11da-8fad-806d6172696f}]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8cd2924-1ba2-11dc-a5ce-00d009e41662}]
\Shell\AutoRun\command - I:\start.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba5eb216-3c67-11da-a060-806d6172696f}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0a8b2e3-5d48-11da-b7de-00d009e41662}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e063b836-ae65-11da-bd41-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e38b7bd0-ae08-11da-bd3f-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7ecc450-8395-11da-8c26-00d009e41662}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f51cc172-adfd-11da-8cd3-00d009e41662}]
\Shell\AutoRun\command - J:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1578F1DA-7365-0FBE-0507-030407050804}]
C:\WINDOWS\system32\RegMen.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 13:43:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 13:47:16
ComboFix-quarantined-files.txt 2008-01-21 12:47:02
ComboFix2.txt 2008-01-20 18:30:11
ComboFix3.txt 2008-01-20 12:55:01
.
2008-01-16 04:31:36 --- E O F ---

(Otherwise I don't understand a thing about all these whatever-fixes; I'm just blindly following exactly what the advisors tell me :o)
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: ComboFix

Post by BUBINO »

(Otherwise I don't understand a thing about all these whatever-fixes; I'm just blindly following exactly what the advisors tell me :o)
That's what the advisors who know this stuff are here for.

What I was asking about Avenger was because I gave you a script and you posted a log that is useless, because either you put only one file to delete into the command, or you posted an incomplete Avenger log.
That SDFix log isn't complete, but you don't have to run it again anyway. As for the ComboFix log, there's some junk in it, but paul27 will advise you on that, since it's his thread.
paul27
Beginner
Registered: 07 Sep 2007
Location: Prague

Post by paul27 »

Well, it's not just junk in that CF log; those bad services are still sticking around in there, which I don't like one bit :twisted:. I'll post instructions in a moment.
paul27
Beginner
Registered: 07 Sep 2007
Location: Prague

Post by paul27 »

So, please have these checked at www.virustotal.com:
C:\WINDOWS\system32\DRIVERS\vburner.sys
C:\WINDOWS\super.chm
C:\WINDOWS\system32\tmpEDEFA.FOT
C:\WINDOWS\system32\tmpA1FFA.FOT
C:\WINDOWS\system32\RegMen.exe

+ move ComboFix to the desktop (if it isn't there already) - open Notepad - copy the text from the following box into it:
File::
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfc005.dat
C:\WINDOWS\system32\perfc005.dat
C:\WINDOWS\system32\perfh005.dat
C:\WINDOWS\system32\perfh005.dat

Driver::
Routing

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a3deb89-1581-11dc-ae78-00d009e41662}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a29ad16-3960-11da-b0e5-806d6172696f}]

Save the text as CFScript.txt on the desktop - after saving, grab the .txt file you created with the left mouse button and drag it over the ComboFix icon - drop the .txt file on the ComboFix icon - ComboFix will start (you may have to confirm the licence terms again by pressing 1 and Enter) and will scan again; at the end of the scan it will try to delete the files we specified - once it is done, a Notepad window with text will appear again; copy that text here.
LiveBomb
Intermediate
Registered: 24 Dec 2004
Location: Valašské Meziříčí

Log check

Post by LiveBomb »

Hi, please check this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:41, on 27.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\FlashFXP\FlashFXP.exe
C:\Users\__________\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6A1473-D508-497B-A3E8-D9C251AA483E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F6A1473-D508-497B-A3E8-D9C251AA483E}: NameServer = 192.168.0.1
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9746 bytes
PC - CPU: Intel Core i5-4670K MB: MSI Z87-G45 Gaming RAM: Kingston KVR1333D3N9K2/8G GPU: Asus Radeon HD7970 3 GB HDD: Kingston SVP100/96GR, Samsung SpinPoint F3 HD502HJ, Western-Digital WD20EARS PSU: Corsair HX750 Coolers: AC Freezer 13 Pro, 2x AC F9 PWM, 2x AC F12, AC F12 Pro PWM DVD-RW: Samsung SH-S223C Case: Thermaltake Armor VA8003BWS Monitor: LG IPS236V Keyb: Logitech Wave Keyboard Mouse: Logitech MX610 Left-Hand OS: Microsoft Windows 7 Professional x86-64 Notebook - Lenovo ThinkPad E530
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Log check

Post by BUBINO »

The log doesn't look right to me :roll: How can your computer run without the basic running processes? Try posting it once more.
LiveBomb
Intermediate
Registered: 24 Dec 2004
Location: Valašské Meziříčí

Post by LiveBomb »

The log comes out the same..
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Log check

Post by BUBINO »

Fix these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Install an antivirus and a firewall.
Are there any noticeable problems with the computer?
LiveBomb
Intermediate
Registered: 24 Dec 2004
Location: Valašské Meziříčí

Post by LiveBomb »

I have Eset Smart Security running here.

New log:
Logfile of HijackThis v1.99.1
Scan saved at 22:40:29, on 30.1.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe
C:\Program Files (x86)\Total Commander\TOTALCMD.EXE
C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Miranda IM\miranda32.exe
C:\Program Files (x86)\QIP\qip.exe
C:\Users\__________\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6A1473-D508-497B-A3E8-D9C251AA483E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F6A1473-D508-497B-A3E8-D9C251AA483E}: NameServer = 192.168.0.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Fix these in the program:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


Which provider do you have? Do these details match it?:
http://whois.domaintools.com/192.168.0.1
LiveBomb
Intermediate
Registered: 24 Dec 2004
Location: Valašské Meziříčí

Post by LiveBomb »

No, that IP address is on the internal network....

And those 3 entries can't be deleted (fixed)...
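The checks BUBINO and LiveBomb do by hand above (empty R0 entries worth fixing, whether an O17 NameServer is a LAN address or an outside resolver, hosts-file overrides, O23 services whose file is missing), as an added Python example that is not from the thread or from HijackThis itself. Its sample lines are copied from the log above, plus one constructed O17 line pointing at 8.8.8.8 (Google Public DNS) so the public-resolver case is exercised too.

```python
"""Triage of HijackThis log lines: the checks done by hand in the thread."""
import ipaddress
import re

# Constructed sample input: entries copied from the HijackThis log posted
# above, plus one constructed O17 line pointing at 8.8.8.8 (Google Public
# DNS) so that the public-resolver branch is exercised as well.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6A1473-D508-497B-A3E8-D9C251AA483E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F6A1473-D508-497B-A3E8-D9C251AA483E}: NameServer = 8.8.8.8
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
""".strip()

# Line shapes HijackThis 1.99.1 uses for the sections handled here.
R_RE = re.compile(r"^(?P<kind>R[01]) - (?P<key>.+?) =\s*(?P<value>.*)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def classify_nameserver(addr):
    """Say whether a DNS server from an O17 line sits on the LAN or out on the internet."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return "invalid"
    if ip.is_private:
        return "private"   # RFC 1918 and friends: typically the home router, as with 192.168.0.1 above
    if ip.is_global:
        return "public"    # must be the ISP's or a known resolver, otherwise suspect DNS hijacking
    return "reserved"


def triage(log_text):
    """Walk a HijackThis log and return (section, verdict, detail) findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = R_RE.match(line)
        if m:
            # Empty R0/R1 values are harmless leftovers that HijackThis can simply "fix".
            if m["value"] == "":
                findings.append((m["kind"], "empty-value", m["key"]))
            else:
                findings.append((m["kind"], "review", f"{m['key']} = {m['value']}"))
            continue
        m = O1_RE.match(line)
        if m:
            # Anything other than the localhost mapping is a hosts-file override to recognise.
            if m["host"].lower() != "localhost":
                findings.append(("O1", "hosts-override", f"{m['host']} -> {m['addr']}"))
            continue
        m = O17_RE.match(line)
        if m:
            # HijackThis lists several servers comma-separated; judge each one.
            for server in m["servers"].split(","):
                findings.append(("O17", f"nameserver-{classify_nameserver(server)}", server.strip()))
            continue
        m = O23_RE.match(line)
        if m:
            if m["missing"]:
                verdict = "file-missing"
            elif m["owner"] == "Unknown owner":
                verdict = "unknown-owner"   # no company name in the binary's version info
            else:
                verdict = "ok"
            findings.append(("O23", verdict, m["path"]))
    return findings


if __name__ == "__main__":
    for section, verdict, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {verdict:18} {detail}")
```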
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Try it in Safe Mode, but they are just leftovers; or use some cleaner. Do you have any serious problem with the computer?
LiveBomb
Intermediate
Registered: 24 Dec 2004
Location: Valašské Meziříčí

Post by LiveBomb »

Well, after uninstalling ATI Control Center I eliminated 90% of the BSODs, but occasionally a BSOD with an error in ndis.sys still appears. Using the minidump I found out that it crashes because of the network card driver (Realtek), but the BSOD happens even when the drivers built into Windows are used. So I doubt Microsoft botched the drivers - with Realtek it wouldn't surprise me :-)
Axident
Newbie
Registered: 12 Jan 2006

Apologies for the delay, and thanks

Post by Axident »

For several long days I couldn't respond, only now; thanks for your time. I dropped the txt onto ComboFix and the scan result is this:

ComboFix 08-02.01.6 - R 2008-02-01 18:51:00.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.494 [GMT 1:00]
Running from: C:\Documents and Settings\R\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\R\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\perfc005.dat
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfh005.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\routing.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\perfc005.dat
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfh005.dat
C:\WINDOWS\system32\perfh009.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-02-01 01:51 . 2007-03-02 20:55 9,893,888 --a------ C:\WINDOWS\system32\Koi Fish 3D Screensaver.exe
2008-02-01 01:51 . 2007-03-02 20:55 771,072 --a------ C:\WINDOWS\system32\Koi_Fish_3D_Screensaver.scr
2008-02-01 01:51 . 2007-02-27 00:35 7,552 --a------ C:\WINDOWS\Koi Fish 3D Screensaver.html
2008-02-01 01:50 . 2008-02-01 01:51 <DIR> d-------- C:\Program Files\MSTpscre
2008-01-31 20:00 . 2008-02-01 02:07 <DIR> d-------- C:\WINDOWS\system32\Open Season Characters dir
2008-01-31 20:00 . 2008-01-31 20:00 532,480 --a------ C:\WINDOWS\system32\Open Season Characters.scr
2008-01-26 10:58 . 2008-01-26 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2008-01-22 20:05 . 2008-01-22 20:05 <DIR> d-------- C:\Documents and Settings\R\Data aplikací\iWin
2008-01-22 20:05 . 2008-01-22 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\iWin Games
2008-01-22 16:25 . 2008-01-22 16:28 <DIR> d-------- C:\Documents and Settings\R\Data aplikací\Super-Cow
2008-01-21 20:39 . 2008-01-21 20:39 81,920 --a------ C:\WINDOWS\system32\drivers\csrss.exe
2008-01-21 13:47 . 2008-02-01 19:00 <DIR> d-------- C:\Z_temp
2008-01-21 07:34 . 2008-01-29 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Barbie Fashion Show
2008-01-20 13:28 . 2008-01-21 10:03 1,752 --a------ C:\Documents and Settings\R\clean.reg
2008-01-20 13:14 . 2008-01-20 13:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-15 01:38 . 2008-01-15 01:38 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-09 18:51 . 2008-01-09 18:51 <DIR> d-------- C:\Documents and Settings\R\Data aplikací\Disney Interactive
2008-01-09 17:55 . 2008-01-09 17:56 <DIR> d-------- C:\Documents and Settings\R\Data aplikací\Spectaculator
2008-01-09 17:54 . 2008-01-09 17:54 <DIR> d-------- C:\Program Files\spectaculator.com
2008-01-03 00:20 . 2008-01-03 00:20 140 --a------ C:\_dele.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 17:25 --------- d-----w C:\Documents and Settings\R\Data aplikací\uTorrent
2008-02-01 11:07 --------- d-----w C:\Program Files\Trillian
2008-02-01 05:47 --------- d-----w C:\Program Files\CureROM
2008-01-31 19:57 --------- d-----w C:\Documents and Settings\R\Data aplikací\Vso
2008-01-31 16:06 161,438 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-30 16:40 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-01-28 15:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 15:30 --------- d-----w C:\Documents and Settings\R\Data aplikací\Netscape
2008-01-27 05:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-26 08:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2008-01-24 04:38 --------- d-----w C:\Documents and Settings\R\Data aplikací\Azureus
2008-01-20 06:56 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-19 08:49 --------- d-----w C:\Program Files\FisherPriceToyland
2008-01-15 21:42 --------- d-----w C:\Program Files\Pinnacle
2008-01-13 14:48 --------- d-----w C:\Program Files\Hello Kitty Dream Carnival
2008-01-09 22:57 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
2008-01-08 03:51 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-05 07:30 --------- d-----w C:\Program Files\Total Video Converter
2008-01-02 23:30 --------- d-----w C:\Program Files\Všeználek to ví
2008-01-02 23:19 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 13:59 --------- d-----w C:\Documents and Settings\R\Data aplikací\MyPhoneExplorer
2007-12-28 17:58 --------- d-----w C:\Program Files\eRightSoft
2007-12-28 05:09 --------- d-----w C:\Program Files\Azureus
2007-12-27 16:53 --------- d-----w C:\Program Files\Google
2007-12-27 11:24 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-12-24 06:57 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-23 18:07 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\eGames
2007-12-23 11:48 --------- d-----w C:\Documents and Settings\R\Data aplikací\eGames
2007-12-21 20:11 --------- d-----w C:\Documents and Settings\R\Data aplikací\Složka odesílání Share-to-Web
2007-12-15 08:07 --------- d-----w C:\Program Files\IDOS
2007-12-15 06:54 --------- d-----w C:\Documents and Settings\R\Data aplikací\MetaProducts
2007-12-13 00:19 --------- d-----w C:\Program Files\Security Task Manager
2007-12-12 03:48 --------- d-----w C:\Program Files\Ashampoo
2007-12-09 11:09 --------- d-----w C:\Program Files\Jigsaws
2007-12-09 07:08 --------- d-----w C:\Program Files\Supercow
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 00:22 --------- d-----w C:\Program Files\OO Software
2007-11-22 10:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 09:29 720,896 ------w C:\WINDOWS\system32\lsasrv.dll
2007-02-27 17:55 87,608 ----a-w C:\Documents and Settings\R\Data aplikací\ezpinst.exe
2007-02-27 17:55 47,360 ----a-w C:\Documents and Settings\R\Data aplikací\pcouffin.sys
2006-09-28 15:22 91,265 ----a-w C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 15:22 49,149 ----a-w C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 15:21 41,996 ----a-w C:\Program Files\dxdllreg_x86.cab
2006-09-28 15:21 183,321 ----a-w C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 15:21 138,977 ----a-w C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 15:21 1,413,862 ----a-w C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 15:21 1,128,177 ----a-w C:\Program Files\OCT2006_d3dx9_31_x86.cab
2006-09-28 14:55 976,020 ------w C:\Program Files\BDAXP.cab
2006-09-28 14:55 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2006-09-28 14:55 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
2006-09-28 14:55 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2006-09-28 14:55 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2006-09-28 14:55 82,374 ----a-w C:\Program Files\dxupdate.cab
2006-09-28 14:55 74,520 ----a-w C:\Program Files\DSETUP.dll
2006-09-28 14:55 703,080 ------w C:\Program Files\BDA.cab
2006-09-28 14:55 484,632 ----a-w C:\Program Files\DXSETUP.exe
2006-09-28 14:55 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
2006-09-28 14:55 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2006-09-28 14:55 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2006-09-28 14:55 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 14:55 2,248,984 ----a-w C:\Program Files\dsetup32.dll
2006-09-28 14:55 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
2006-09-28 14:55 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
2006-09-28 14:55 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2006-09-28 14:55 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2006-09-28 14:55 15,493,481 ------w C:\Program Files\DirectX.cab
2006-09-28 14:55 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab
2006-09-28 14:55 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab
2006-09-28 14:55 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
2006-09-28 14:55 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab
2006-09-28 14:55 13,265,040 ------w C:\Program Files\dxnt.cab
2006-09-28 14:55 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-09-28 14:55 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-09-28 14:55 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-09-28 14:55 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-09-28 14:55 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-09-28 14:55 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-09-28 14:55 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-09-28 14:55 1,156,363 ------w C:\Program Files\BDANT.cab
2006-09-28 14:55 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-09-28 14:55 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-09-28 14:55 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-09-28 14:55 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-09-28 14:55 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-09-28 14:55 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-09-28 14:55 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2006-02-23 12:53 90 ----a-w C:\Program Files\Crash.log
2005-11-12 09:26 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2007-08-27 19:49 23 --sha-w C:\WINDOWS\system32\abcbb0_r.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"PC Dictionary"="" []
"OEXPRESS"="" []
"WEBTRAN"="" []
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12 517632]
"DU Meter"="F:\Program Files (F)\DU Meter\DUMeter.exe" [2007-11-11 19:48 2585360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49 7286784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"pripominac"="F:\Software (F)\Připomínač\pripominac.exe" [2007-10-01 20:13 416256]
"BootSkin Startup Jobs"="C:\Program Files\BootSkin\BootSkin.exe" [2004-04-26 15:21 270336]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Spyware Doctor"="" []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2003-06-03 14:52]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 01:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2003-06-03 14:52]
R2 athsgt;athsgt;C:\WINDOWS\system32\DRIVERS\athsgt.sys [2006-02-04 15:19]
R2 DUMeterSvc;DU Meter Service;F:\Program Files (F)\DU Meter\DUMeterSvc.exe [2007-11-12 20:39]
R2 limsgt;limsgt;C:\WINDOWS\system32\DRIVERS\limsgt.sys [2006-02-04 15:19]
R2 Nadim;NAD Proto Driver;C:\WINDOWS\system32\DRIVERS\nadim.sys [2005-05-30 22:27]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 08:56]
S0 vburner;vburner;C:\WINDOWS\system32\DRIVERS\vburner.sys [2007-08-10 12:10]
S0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 02:15]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 12:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 12:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 12:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 12:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 12:12]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 20:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47dff97c-5c85-11da-b38a-00d009e41662}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd05ae6-3a75-11da-b066-806d6172696f}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73f45e3b-5c83-11da-b29a-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28ea383-5c81-11da-9b56-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b151a666-4955-11da-8fad-806d6172696f}]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8cd2924-1ba2-11dc-a5ce-00d009e41662}]
\Shell\AutoRun\command - I:\start.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba5eb216-3c67-11da-a060-806d6172696f}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0a8b2e3-5d48-11da-b7de-00d009e41662}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e063b836-ae65-11da-bd41-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e38b7bd0-ae08-11da-bd3f-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7ecc450-8395-11da-8c26-00d009e41662}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f51cc172-adfd-11da-8cd3-00d009e41662}]
\Shell\AutoRun\command - J:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1578F1DA-7365-0FBE-0507-030407050804}]
C:\WINDOWS\system32\RegMen.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 19:00:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="F:\Program Files (F)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-02-01 19:04:05
ComboFix-quarantined-files.txt 2008-02-01 18:03:52
ComboFix2.txt 2008-01-21 12:47:18
.
2008-01-16 04:31:36 --- E O F ---

I thought the computer was already OK, but it definitely isn't. Avast found 17 trojans on it today (!!!!! that has never happened to me) and Spyware Doctor found some trojan downloader, trojan clicker etc. It deletes them, but that's not enough, it's still sitting in there somewhere, so thanks for the help. The computer isn't behaving extremely badly, but it's not going to be OK...
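As an added example (not part of the thread and not ComboFix's own code), here is a small Python parser for the registry section of a ComboFix log like the one posted above. It pulls out the MountPoints2 AutoRun commands, which Windows caches per user from the autorun.inf of previously inserted removable media (they record what those volumes asked Explorer to run and are not by themselves an active infection, which is why helpers usually just clear them), and the Active Setup Installed Components StubPath, which Windows runs once for each user at logon and which is therefore a persistence location worth checking. The embedded SAMPLE_LOG is an excerpt of the log above; the regular expressions and function names are my own.

```python
import re
from collections import Counter

# Excerpt of the ComboFix registry section posted above, embedded so the parser
# runs offline. A full ComboFix.txt contains more entries of exactly this shape.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd05ae6-3a75-11da-b066-806d6172696f}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73f45e3b-5c83-11da-b29a-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b151a666-4955-11da-8fad-806d6172696f}]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8cd2924-1ba2-11dc-a5ce-00d009e41662}]
\Shell\AutoRun\command - I:\start.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1578F1DA-7365-0FBE-0507-030407050804}]
C:\WINDOWS\system32\RegMen.exe
"""

# A registry key header line: [HKEY_...\path\{guid}]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# Per-user cache of autorun commands for volumes this user has seen.
MP2_RE = re.compile(r"\\mountpoints2\\(\{[0-9a-f-]+\})$", re.IGNORECASE)
# Active Setup component: the StubPath below it runs once per user at logon.
ASETUP_RE = re.compile(r"\\active setup\\installed components\\(\{[0-9a-f-]+\})$", re.IGNORECASE)
# ComboFix prints the cached command as: \Shell\AutoRun\command - <command>
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)


def parse_registry_section(text):
    """Return (mountpoints, active_setup) from ComboFix's registry section.

    mountpoints: list of {"guid", "drive", "command"} for MountPoints2 entries
    active_setup: list of {"guid", "stubpath"} for Active Setup components
    """
    mountpoints, active_setup = [], []
    current = None  # ("mp2", guid) or ("asetup", guid) while inside a key block
    for raw in text.splitlines():
        line = raw.rstrip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            mp = MP2_RE.search(path)
            asu = ASETUP_RE.search(path)
            if mp:
                current = ("mp2", mp.group(1))
            elif asu:
                current = ("asetup", asu.group(1))
            else:
                current = None  # some other key; ignore its body
            continue
        if not line or current is None:
            continue
        kind, guid = current
        if kind == "mp2":
            cmd = AUTORUN_RE.match(line)
            if cmd:
                command = cmd.group(1)
                mountpoints.append({"guid": guid,
                                    "drive": command[:2].upper(),
                                    "command": command})
        else:
            # ComboFix prints the StubPath on the line right after the key.
            active_setup.append({"guid": guid, "stubpath": line})
            current = None
    return mountpoints, active_setup


def summarize(mountpoints):
    """Count cached autorun commands per drive letter and per executable name
    (case-folded, because autorun.exe / Autorun.exe / start.EXE are the same)."""
    per_drive = Counter(m["drive"] for m in mountpoints)
    per_exe = Counter(m["command"].rsplit("\\", 1)[-1].lower() for m in mountpoints)
    return per_drive, per_exe


if __name__ == "__main__":
    mps, asetup = parse_registry_section(SAMPLE_LOG)
    drives, exes = summarize(mps)
    print("MountPoints2 autorun commands per drive:", dict(drives))
    print("MountPoints2 executables:", dict(exes))
    for entry in asetup:
        print("Active Setup StubPath (runs per user at logon):", entry["guid"], entry["stubpath"])
```

To run it over a real log, pass the file contents to parse_registry_section (for example the ComboFix.txt saved in the root of the system drive) instead of SAMPLE_LOG; the MountPoints2 drive letters tell you which removable drives carried an autorun.inf, and any Active Setup StubPath that is not a known Microsoft or vendor component is the line to investigate and submit to VirusTotal.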
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Apology for the delay and thanks

Post by BUBINO »

So.
Copy the text below into Notepad and drag it onto ComboFix:

KillAll::

File::
C:\WINDOWS\system32\drivers\csrss.exe
C:\_dele.bat
C:\WINDOWS\system32\abcbb0_r.dll

Folder::
C:\Documents and Settings\R\Data aplikací\Super-Cow
C:\Documents and Settings\All Users\Data aplikací\Barbie Fashion Show
C:\Program Files\Supercow

DirLook::
C:\Program Files\FisherPriceToyland
C:\Program Files\Jigsaws
C:\Documents and Settings\R\Data aplikací\Disney Interactive
C:\WINDOWS\system32\Open Season Characters dir
Please test the following on virustotal.com:
c:\Documents and Settings\R\clean.reg
C:\WINDOWS\system32\DRIVERS\vburner.sys
C:\WINDOWS\system32\spupdsvc.inf
C:\WINDOWS\system32\drivers\atksgt.sys
C:\WINDOWS\system32\drivers\vidstub.sys
F:\Software (F)\Připomínač\pripominac.exe
F:\Program Files (F)\DU Meter\DUMeter.exe
If VirusTotal flags a file with a red result, copy it here together with the name of the tested file.

After that, scan the computer with MWAV:
http://www.viry.cz/forum/viewtopic.php?t=4097
Update it, configure it and start the scan. After the scan, paste the contents of the lower window here.
Axident
Newbie
Registered: 12 Jan 2006

To Bubino

Post by Axident »

Thanks, but before I do that I want to ask how you can tell that exactly these things "smell". They are all games my daughters play (Super-Cow, Barbie Fashion Show, Fisher Price Toyland, Disney Interactive, Open Season). It's true that on another forum last time they also advised me, after ComboFix, to delete the application data for Super-Cow and Barbie Fashion Show, so there must really be something there you don't like; what it caused was that the girls lost all their saved data and had to start from the beginning. Of the things to check on VirusTotal, Připomínač is a tiny birthday-reminder utility from Slunečnice, and DU Meter is a little program that measures all downloads and uploads clearly and precisely. (VirusTotal is terribly backed up right now; it says you are in the queue, wait 160-300 minutes.) Thanks for the info.
Axident
Newbie
Registered: 12 Jan 2006

Virustotal

Post by Axident »

So I ran the recommended files through it; all clean except these 2:

C:\WINDOWS\system32\drivers\vidstub.sys
1/32 (Webwasher-Gateway:Win32.Malware.gen!80 (suspicious))

F:\Program Files (F)\DU Meter\DUMeter.exe
1/32 (Webwasher-Gateway:Virus.Win32.FileInfector.gen!90 (suspicious))
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Apology for the delay and thanks

Post by BUBINO »

Some things even I don't know right away.
http://www.rootkit.cz/forum/viewtopic.p ... fcc0dafbf0

There the helper deleted it. So: if they are games that are actually used, then test on VirusTotal only the files located inside them, 2-3 of them.

And do the ComboFix step with this copied into Notepad:
KillAll::

File::
C:\WINDOWS\system32\drivers\csrss.exe
C:\_dele.bat
C:\WINDOWS\system32\abcbb0_r.dll

DirLook::
C:\Program Files\FisherPriceToyland
C:\Program Files\Jigsaws
C:\Documents and Settings\R\Data aplikací\Disney Interactive
C:\WINDOWS\system32\Open Season Characters dir
The DirLook:: command displays the contents of the listed folders.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

So what problem do you actually have?