Problem s virama :-( Opět jsem v tom :-( Prosim o pomoc.

[solda1]

tu avanger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nrsofqsv

*******************

Script file located at: \??\C:\tbmhejgi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\o deleted successfully.
File C:\WINDOWS\system32\dnncbxya.exe deleted successfully.
File C:\WINDOWS\system32\bpjukd.exe deleted successfully.
File C:\WINDOWS\system32\vcdb.exe deleted successfully.


File C:\WINDOWS\System32\algs.exe not found!
Deletion of file C:\WINDOWS\System32\algs.exe failed!

Could not process line:
C:\WINDOWS\System32\algs.exe
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Application Layer Gateway Service
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Application Layer Gateway Service failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[solda1]

No mensi problem s tim iceswordem....celkem to nechapu..jak jako zistim ten log...ale vidim ty smejdy cervene,to je to co me nasel avast,oni do toho winu nepatri,ale su tam,jak na to ? Tam je toho vic nechapu to.

[solda1]

To mam dat proces a log,pak SPI a log a pak SSDT a log atd nebo jak ?

[BUBINO]

Otvor ten program. Klikni na polozku na lavej strane
Process Nasledne do hornej listy na LOG. Uloz ho na plochu.To iste aj u policka Kernel Module. Oba logy skopiruj sem a napis, aky proces je cervenou farbou. Teraz som skusal a mne sa nechcel stiahnut. Tu je alternativny odkaz
: http://mail.ustc.edu.cn/~jfpan/download ... d122en.zip

[solda1]

a co kdyz neni zadny cervenou barvou ? Mam cervene veci jen jak je to SSDT,tak co s tim ?

[BUBINO]

Tak to nic. Chcem vidiet len tie dva logy.

[solda1]

Okej,tu je ten z process :

Process:

System Idle Process
System
C:\PROGRA~1\SPYWAR~1\Spywareterminatorshield.Exe
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\system32\liqmcy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\smss.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\puqrp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminator.exe
C:\Documents and Settings\Administrator\Plocha\IceSword122en\IceSword.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\e5a6ce1f8ea60105c71471c731c05538\update\update.exe


A tu ten Kernel Module :

Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sppu.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\System32\DRIVERS\processr.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\L8042Kbd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\aktfvhcg.SYS
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\LHidUsbK.Sys
\SystemRoot\System32\Drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\LHidKE.Sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\DRIVERS\LMouKE.Sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\daemon.dll
C:\WINDOWS\System32\Drivers\sptd.sys


Tu Process log:


Process:

System Idle Process
System
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\RTHDCPL.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\Spywareterminatorshield.Exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\hpaqbp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Plocha\IceSword122en\IceSword.exe


Tu Kernel Module:


Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spnm.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\System32\DRIVERS\processr.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\L8042Kbd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\acczlwy8.SYS
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\Drivers\LHidUsbK.Sys
\SystemRoot\System32\Drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\LHidKE.Sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\DRIVERS\LMouKE.Sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\daemon.dll
C:\WINDOWS\System32\Drivers\sptd.sys

[BUBINO]

Forum neslo a ma vyhodilo, tak som tu to nemohol dat. Zmas tie spiny raz a navzdy :

Files to delete:
c:\windows\System32\Drivers\aktfvhcg.SYS
c:\WINDOWS\system32\sppu.sys
c:\WINDOWS\system32\drivers\sppu.sys
C:\WINDOWS\system32\puqrp.exe
C:\WINDOWS\system32\liqmcy.exe
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\SYSTEM32\awlrqijb.exe

Do avengera.


Mas v pc toto?
c:\windows\system32\etc\hosts

[solda1]

du na to....me to taky neslo bracho.... a to jesli tam mam ten hosts jo mam,ta svina me uz sere

[solda1]

Tu je log z avangera,asi vsechno nedokazal smazat


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\seqrjpep

*******************

Script file located at: \??\C:\WINDOWS\pjqdyrxd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\System32\Drivers\aktfvhcg.SYS not found!
Deletion of file c:\windows\System32\Drivers\aktfvhcg.SYS failed!

Could not process line:
c:\windows\System32\Drivers\aktfvhcg.SYS
Status: 0xc0000034



File c:\WINDOWS\system32\sppu.sys not found!
Deletion of file c:\WINDOWS\system32\sppu.sys failed!

Could not process line:
c:\WINDOWS\system32\sppu.sys
Status: 0xc0000034



File c:\WINDOWS\system32\drivers\sppu.sys not found!
Deletion of file c:\WINDOWS\system32\drivers\sppu.sys failed!

Could not process line:
c:\WINDOWS\system32\drivers\sppu.sys
Status: 0xc0000034

File C:\WINDOWS\system32\puqrp.exe deleted successfully.
File C:\WINDOWS\system32\liqmcy.exe deleted successfully.
File C:\WINDOWS\system32\csrs.exe deleted successfully.


File C:\WINDOWS\SYSTEM32\awlrqijb.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\awlrqijb.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\awlrqijb.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[BUBINO]

Ok. Mozes sem dat log z combofixu a urobit este tie dva z ICE? Ako sa chova pocitac?

[solda1]

Ok. Mozes sem dat log z combofixu a urobit este tie dva z ICE? Ako sa chova pocitac?

porad na hovno,asi to vyhodim z okna..dam ti to sem,ale nevim jak stiham,pojedu k babicce.

[solda1]

Combo :


ComboFix 08-02.05.3 - Administrator 2008-02-06 15:26:48.4 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.841 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\.exe
C:\windows\system32\iexplore.exe
C:\WINDOWS\system32\msv.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-06 15:14 . 2008-02-06 15:16 <DIR> d-------- C:\ComboFix(2)
2008-02-06 15:14 . 2008-02-06 15:14 19,711 --a------ C:\WINDOWS\system32\hpaqbp.exe
2008-02-06 15:14 . 2008-02-06 15:14 7,680 --a------ C:\WINDOWS\system32\idjwvv.exe
2008-02-06 14:22 . 2008-02-06 14:22 19,711 --a------ C:\WINDOWS\system32\optdemsi.exe
2008-02-06 14:22 . 2008-02-06 14:22 7,680 --a------ C:\WINDOWS\system32\irwtvua.exe
2008-02-06 12:52 . 2008-02-06 12:53 19,711 --a------ C:\WINDOWS\system32\ylahqvsv.exe
2008-02-06 12:52 . 2008-02-06 12:52 7,680 --a------ C:\WINDOWS\system32\hkvtfdei.exe
2008-02-06 12:50 . 2008-02-06 12:50 19,711 --a------ C:\WINDOWS\system32\uquaadsu.exe
2008-02-06 12:50 . 2008-02-06 12:50 7,680 --a------ C:\WINDOWS\system32\okhwoupw.exe
2008-02-06 11:23 . 2008-02-06 11:24 14,600 --ah----- C:\WINDOWS\system32\ofwmgwuy.exe
2008-02-06 11:11 . 2008-02-06 11:24 31,390 --ah----- C:\WINDOWS\system32\lbexu.exe
2008-02-06 10:01 . 2008-02-06 10:01 19,711 --a------ C:\WINDOWS\system32\bpwxj.exe
2008-02-06 10:01 . 2008-02-06 10:01 7,680 --a------ C:\WINDOWS\system32\cseuy.exe
2008-02-06 09:50 . 2008-02-06 09:50 19,711 --a------ C:\WINDOWS\system32\ejsgqcn.exe
2008-02-06 09:50 . 2008-02-06 09:50 7,680 --a------ C:\WINDOWS\system32\dqpagbj.exe
2008-02-05 22:38 . 2008-02-05 22:38 121 --a------ C:\WINDOWS\system32\vrzhr.bat
2008-02-05 22:37 . 2008-02-05 22:38 64,000 --ah----- C:\WINDOWS\system32\dprmsf.exe
2008-02-05 21:03 . 2008-02-05 21:03 19,711 --a------ C:\WINDOWS\system32\qyoxpai.exe
2008-02-05 21:03 . 2008-02-05 21:03 7,680 --a------ C:\WINDOWS\system32\hiwq.exe
2008-02-05 20:07 . 2008-02-05 20:07 19,711 --a------ C:\WINDOWS\system32\fxazkrl.exe
2008-02-05 20:07 . 2008-02-05 20:07 7,680 --a------ C:\WINDOWS\system32\hvtebcl.exe
2008-02-05 17:27 . 2008-02-05 17:27 19,711 --a------ C:\WINDOWS\system32\tuzxmai.exe
2008-02-05 17:27 . 2008-02-05 17:27 7,680 --a------ C:\WINDOWS\system32\zywfp.exe
2008-02-05 17:26 . 2008-02-05 17:26 <DIR> d-------- C:\Documents and Settings\Guest\Data aplikací\Logitech
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d-------- C:\Documents and Settings\Guest\Plocha
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d--h----- C:\Documents and Settings\Guest\Okolní tiskárny
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d--h----- C:\Documents and Settings\Guest\Okolní síť
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr------- C:\Documents and Settings\Guest\Oblíbené položky
2008-02-05 17:25 . 2008-02-04 13:11 <DIR> d--h----- C:\Documents and Settings\Guest\Šablony
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> dr------- C:\Documents and Settings\Guest\Nabídka Start
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr------- C:\Documents and Settings\Guest\Dokumenty
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr-h----- C:\Documents and Settings\Guest\Data aplikací
2008-02-05 17:15 . 2004-03-10 19:00 595,968 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2008-02-05 16:58 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-02-05 16:58 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-02-05 16:58 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-05 16:58 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-05 16:58 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-05 16:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-05 16:38 . 2008-02-05 16:38 7,680 --a------ C:\WINDOWS\system32\dqogsv.exe
2008-02-05 15:57 . 2005-10-20 23:34 992,768 --a------ C:\WINDOWS\system32\esent.dll
2008-02-05 15:46 . 2008-02-05 15:46 7,680 --a------ C:\WINDOWS\system32\ksalfyc.exe
2008-02-05 15:44 . 2008-02-05 15:44 19,711 --a------ C:\WINDOWS\system32\zmar.exe
2008-02-05 15:44 . 2008-02-05 15:44 7,680 --a------ C:\WINDOWS\system32\ljwymzf.exe
2008-02-05 15:28 . 2008-02-05 15:28 19,711 --a------ C:\WINDOWS\system32\mjyatrr.exe
2008-02-05 15:28 . 2008-02-05 15:28 7,680 --a------ C:\WINDOWS\system32\jsjk.exe
2008-02-05 15:25 . 2008-02-05 15:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-05 15:25 . 2008-02-05 17:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-05 15:22 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-05 14:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-05 14:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-05 14:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-05 14:11 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-05 14:11 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-02-05 14:11 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-02-05 14:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-05 13:53 . 2008-02-05 13:53 19,711 --a------ C:\WINDOWS\system32\oyyehrz.exe
2008-02-05 13:53 . 2008-02-05 13:53 7,680 --a------ C:\WINDOWS\system32\hfpkf.exe
2008-02-05 13:40 . 2008-02-05 13:41 33,792 --ah----- C:\WINDOWS\system32\ysbp.exe
2008-02-05 11:59 . 2008-02-05 11:59 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-02-05 11:55 . 2008-02-05 12:23 <DIR> d-------- C:\Program Files\Ubisoft
2008-02-05 11:55 . 2000-05-22 01:00 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-02-05 11:55 . 1998-06-24 01:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-05 11:55 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-05 11:55 . 2000-03-17 09:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-05 11:55 . 2000-03-17 09:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-05 11:55 . 2002-04-24 13:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-02-05 11:55 . 2002-04-09 18:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-02-05 11:55 . 2002-10-17 11:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-02-05 11:55 . 2002-01-07 17:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-05 11:50 . 2008-02-05 11:50 <DIR> d-------- C:\WINDOWS\Cache
2008-02-05 11:41 . 2008-02-06 09:51 <DIR> d-------- C:\Program Files\AdVantage
2008-02-05 11:41 . 2008-02-05 11:41 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-05 11:38 . 2008-02-05 11:42 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-05 11:38 . 2008-02-05 11:38 19,711 --a------ C:\WINDOWS\system32\ccko.exe
2008-02-05 11:38 . 2008-02-05 11:38 7,680 --a------ C:\WINDOWS\system32\tjsp.exe
2008-02-05 11:36 . 2008-02-05 11:36 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-05 11:13 . 2008-02-05 11:13 19,711 --a------ C:\WINDOWS\system32\kmhe.exe
2008-02-05 11:13 . 2008-02-05 11:13 7,680 --a------ C:\WINDOWS\system32\qdycy.exe
2008-02-05 09:47 . 2008-02-05 09:47 19,711 --a------ C:\WINDOWS\system32\mdhgi.exe
2008-02-05 09:47 . 2008-02-05 09:47 7,680 --a------ C:\WINDOWS\system32\iugb.exe
2008-02-05 09:17 . 2008-02-05 09:17 19,711 --a------ C:\WINDOWS\system32\uaojnvwu.exe
2008-02-05 09:17 . 2008-02-05 09:17 7,680 --a------ C:\WINDOWS\system32\ewistj.exe
2008-02-04 22:25 . 2008-02-04 22:26 <DIR> d-------- C:\Program Files\ComboFix
2008-02-04 22:17 . 2008-02-04 22:17 <DIR> d-------- C:\Program Files\avenger
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:38 . 2008-02-04 21:38 <DIR> d-------- C:\Program Files\Ray Adams
2008-02-04 20:41 . 2008-02-04 23:14 <DIR> d-------- C:\Program Files\QooBox
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-04 18:27 . 2008-02-05 21:01 <DIR> d-------- C:\Downloads
2008-02-04 18:27 . 2008-02-04 18:27 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-04 18:26 . 2008-02-04 19:19 <DIR> d-------- C:\Program Files\BitComet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-04 20:33 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:35 --------- d-----w C:\Program Files\ESET
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:29 423 ----a-w C:\Program Files\RHDSetup.log
2008-02-04 12:29 197 ----a-w C:\Program Files\csb.log
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"Steam"="C:\Games\Steam\Steam.exe" [2008-02-04 14:21 1266936]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-11-05 11:12 884176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]
"Client Server Runtime Process"="C:\WINDOWS\System32\csrs.exe" [ ]
"Advanced DHTML Enable"="C:\WINDOWS\System32\hpaqbp.exe" [2008-02-06 15:14 19711]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]

S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 15:27:57
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-06 15:28:32
ComboFix-quarantined-files.txt 2008-02-06 14:28:17
.
2008-02-05 16:23:01 --- E O F ---

[solda1]

Process


Process:

System Idle Process
System
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\RTHDCPL.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\Spywareterminatorshield.Exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\hpaqbp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Plocha\IceSword122en\IceSword.exe




Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spnm.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\System32\DRIVERS\processr.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\L8042Kbd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\acczlwy8.SYS
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\Drivers\LHidUsbK.Sys
\SystemRoot\System32\Drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\LHidKE.Sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\DRIVERS\LMouKE.Sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\daemon.dll
C:\WINDOWS\System32\Drivers\sptd.sys

[solda1]

mas to co si chtel,ja odjizdim a vratim se asi v patek,ale to stejne nebudu mit cas,takze me aspon napis co mam udelat a jak se dostanu k pc tak to udelam,premyslim,ze se ho i zbavim,nemam na to nervy na ty zku*vene viry...diky moc Bubino,zatim ahoj

[BUBINO]

Mas tam tolko bordelu, ze mi je z toho zle Skus tento postup.Ak mas neake dolezite veci v pc, tak si ich zozalohuj, lebo nezarucujem, ze tym, ze tie veci zmazes, ti to neodrovna windows.

Spusti v nudzovom rezime SDFix:
http://www.viry.cz/forum/viewtopic.php?t=40395


Následne urob novy combofix log a ten daj sem. Zbytky, ktore ostanu, zmazeme.

[BUBINO]

Mas tam tolko bordelu, ze mi je z toho zle Skus tento postup.Ak mas neake dolezite veci v pc, tak si ich zozalohuj, lebo nezarucujem, ze tym, ze tie veci zmazes, ti to neodrovna windows.

Spusti v nudzovom rezime SDFix:
http://www.viry.cz/forum/viewtopic.php?t=40395


Následne urob novy combofix log a ten daj sem. Zbitky, ktore ostanu, zmazeme.

[solda1]

Hm,vypada to,ze ti lezu na nervy,omlouvam se,ale ja nelozim na zadne porno stranky a nic jine....jen mail,novinky ze sveta a z domova,icq,csko a to je cele..sosam prisony a losty a nechapu kde se to vzalo...Jestli ti to leze na nervy tak zas preinstaluju winy,jinak tu je ten:


SDFix: Version 1.138

Run by Administrator on pá 08.02.2008 at 12:29

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 12:33:36
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e3,de,96,29,d4,cc,d2,63,ab,52,36,90,58,28,a4,d8,64,4c,49,b6,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cd,7d,1f,5e,8a,30,43,4a,15,34,c3,bc,9b,a9,68,9f,33,..
"khjeh"=hex:0a,2d,71,e7,9d,b1,5b,19,23,15,04,23,8a,b4,9b,7a,d1,6a,13,ea,51,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,4a,dd,b8,f3,5a,41,7e,41,55,76,79,d8,a9,cd,e6,46,46,23,2f,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e3,de,96,29,d4,cc,d2,63,ab,52,36,90,58,28,a4,d8,64,4c,49,b6,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cd,7d,1f,5e,8a,30,43,4a,15,34,c3,bc,9b,a9,68,9f,33,..
"khjeh"=hex:0a,2d,71,e7,9d,b1,5b,19,23,15,04,23,8a,b4,9b,7a,d1,6a,13,ea,51,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,4a,dd,b8,f3,5a,41,7e,41,55,76,79,d8,a9,cd,e6,46,46,23,2f,30,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 5 Feb 2008 64,000 A..H. --- "C:\WINDOWS\system32\dprmsf.exe"
Wed 6 Feb 2008 31,390 A..H. --- "C:\WINDOWS\system32\lbexu.exe"
Wed 6 Feb 2008 14,600 A..H. --- "C:\WINDOWS\system32\ofwmgwuy.exe"
Tue 5 Feb 2008 33,792 A..H. --- "C:\WINDOWS\system32\ysbp.exe"

Finished!

[solda1]

A tu je combo :


ComboFix 08-02.05.3 - Administrator 2008-02-08 12:57:00.5 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.844 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-08 12:28 . 2008-02-08 12:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-08 12:23 . 2008-02-08 12:34 <DIR> d-------- C:\SDFix
2008-02-06 15:14 . 2008-02-06 15:16 <DIR> d-------- C:\ComboFix(2)
2008-02-06 15:14 . 2001-10-25 13:00 376,832 --a------ C:\kmd.exe
2008-02-06 15:14 . 2008-02-06 15:14 19,711 --a------ C:\WINDOWS\system32\hpaqbp.exe
2008-02-06 15:14 . 2008-02-06 15:14 7,680 --a------ C:\WINDOWS\system32\idjwvv.exe
2008-02-06 14:22 . 2008-02-06 14:22 19,711 --a------ C:\WINDOWS\system32\optdemsi.exe
2008-02-06 14:22 . 2008-02-06 14:22 7,680 --a------ C:\WINDOWS\system32\irwtvua.exe
2008-02-06 12:52 . 2008-02-06 12:53 19,711 --a------ C:\WINDOWS\system32\ylahqvsv.exe
2008-02-06 12:52 . 2008-02-06 12:52 7,680 --a------ C:\WINDOWS\system32\hkvtfdei.exe
2008-02-06 12:50 . 2008-02-06 12:50 19,711 --a------ C:\WINDOWS\system32\uquaadsu.exe
2008-02-06 12:50 . 2008-02-06 12:50 7,680 --a------ C:\WINDOWS\system32\okhwoupw.exe
2008-02-06 11:23 . 2008-02-06 11:24 14,600 --ah----- C:\WINDOWS\system32\ofwmgwuy.exe
2008-02-06 11:11 . 2008-02-06 11:24 31,390 --ah----- C:\WINDOWS\system32\lbexu.exe
2008-02-06 10:01 . 2008-02-06 10:01 19,711 --a------ C:\WINDOWS\system32\bpwxj.exe
2008-02-06 10:01 . 2008-02-06 10:01 7,680 --a------ C:\WINDOWS\system32\cseuy.exe
2008-02-06 09:50 . 2008-02-06 09:50 19,711 --a------ C:\WINDOWS\system32\ejsgqcn.exe
2008-02-06 09:50 . 2008-02-06 09:50 7,680 --a------ C:\WINDOWS\system32\dqpagbj.exe
2008-02-05 22:38 . 2008-02-05 22:38 121 --a------ C:\WINDOWS\system32\vrzhr.bat
2008-02-05 22:37 . 2008-02-05 22:38 64,000 --ah----- C:\WINDOWS\system32\dprmsf.exe
2008-02-05 21:03 . 2008-02-05 21:03 19,711 --a------ C:\WINDOWS\system32\qyoxpai.exe
2008-02-05 21:03 . 2008-02-05 21:03 7,680 --a------ C:\WINDOWS\system32\hiwq.exe
2008-02-05 20:07 . 2008-02-05 20:07 19,711 --a------ C:\WINDOWS\system32\fxazkrl.exe
2008-02-05 20:07 . 2008-02-05 20:07 7,680 --a------ C:\WINDOWS\system32\hvtebcl.exe
2008-02-05 17:27 . 2008-02-05 17:27 19,711 --a------ C:\WINDOWS\system32\tuzxmai.exe
2008-02-05 17:27 . 2008-02-05 17:27 7,680 --a------ C:\WINDOWS\system32\zywfp.exe
2008-02-05 17:26 . 2008-02-05 17:26 <DIR> d-------- C:\Documents and Settings\Guest\Data aplikací\Logitech
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d-------- C:\Documents and Settings\Guest\Plocha
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d--h----- C:\Documents and Settings\Guest\Okolní tiskárny
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> d--h----- C:\Documents and Settings\Guest\Okolní síť
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr------- C:\Documents and Settings\Guest\Oblíbené položky
2008-02-05 17:25 . 2008-02-04 13:11 <DIR> d--h----- C:\Documents and Settings\Guest\Šablony
2008-02-05 17:25 . 2008-02-04 14:06 <DIR> dr------- C:\Documents and Settings\Guest\Nabídka Start
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr------- C:\Documents and Settings\Guest\Dokumenty
2008-02-05 17:25 . 2008-02-05 17:26 <DIR> dr-h----- C:\Documents and Settings\Guest\Data aplikací
2008-02-05 17:15 . 2004-03-10 19:00 595,968 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2008-02-05 16:58 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-02-05 16:58 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-02-05 16:58 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-05 16:58 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-05 16:58 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-05 16:58 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-05 16:38 . 2008-02-05 16:38 7,680 --a------ C:\WINDOWS\system32\dqogsv.exe
2008-02-05 15:57 . 2005-10-20 23:34 992,768 --a------ C:\WINDOWS\system32\esent.dll
2008-02-05 15:46 . 2008-02-05 15:46 7,680 --a------ C:\WINDOWS\system32\ksalfyc.exe
2008-02-05 15:44 . 2008-02-05 15:44 19,711 --a------ C:\WINDOWS\system32\zmar.exe
2008-02-05 15:44 . 2008-02-05 15:44 7,680 --a------ C:\WINDOWS\system32\ljwymzf.exe
2008-02-05 15:28 . 2008-02-05 15:28 19,711 --a------ C:\WINDOWS\system32\mjyatrr.exe
2008-02-05 15:28 . 2008-02-05 15:28 7,680 --a------ C:\WINDOWS\system32\jsjk.exe
2008-02-05 15:25 . 2008-02-05 15:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-05 15:25 . 2008-02-05 17:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-05 15:22 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-05 15:22 . 2004-07-01 23:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-05 14:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-05 14:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-05 14:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-05 14:11 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-05 14:11 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-02-05 14:11 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-02-05 14:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-05 13:53 . 2008-02-05 13:53 19,711 --a------ C:\WINDOWS\system32\oyyehrz.exe
2008-02-05 13:53 . 2008-02-05 13:53 7,680 --a------ C:\WINDOWS\system32\hfpkf.exe
2008-02-05 13:40 . 2008-02-05 13:41 33,792 --ah----- C:\WINDOWS\system32\ysbp.exe
2008-02-05 11:59 . 2008-02-05 11:59 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-02-05 11:55 . 2008-02-05 12:23 <DIR> d-------- C:\Program Files\Ubisoft
2008-02-05 11:55 . 2000-05-22 01:00 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-02-05 11:55 . 1998-06-24 01:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-05 11:55 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-05 11:55 . 2000-03-17 09:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-05 11:55 . 2000-03-17 09:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-05 11:55 . 2002-04-24 13:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-02-05 11:55 . 2002-04-09 18:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-02-05 11:55 . 2002-10-17 11:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-02-05 11:55 . 2002-01-07 17:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-05 11:50 . 2008-02-05 11:50 <DIR> d-------- C:\WINDOWS\Cache
2008-02-05 11:41 . 2008-02-08 12:11 <DIR> d-------- C:\Program Files\AdVantage
2008-02-05 11:41 . 2008-02-05 11:41 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
2008-02-05 11:38 . 2008-02-05 11:42 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-05 11:38 . 2008-02-05 11:38 19,711 --a------ C:\WINDOWS\system32\ccko.exe
2008-02-05 11:38 . 2008-02-05 11:38 7,680 --a------ C:\WINDOWS\system32\tjsp.exe
2008-02-05 11:36 . 2008-02-05 11:36 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-05 11:13 . 2008-02-05 11:13 19,711 --a------ C:\WINDOWS\system32\kmhe.exe
2008-02-05 11:13 . 2008-02-05 11:13 7,680 --a------ C:\WINDOWS\system32\qdycy.exe
2008-02-05 09:47 . 2008-02-05 09:47 19,711 --a------ C:\WINDOWS\system32\mdhgi.exe
2008-02-05 09:47 . 2008-02-05 09:47 7,680 --a------ C:\WINDOWS\system32\iugb.exe
2008-02-05 09:17 . 2008-02-05 09:17 19,711 --a------ C:\WINDOWS\system32\uaojnvwu.exe
2008-02-05 09:17 . 2008-02-05 09:17 7,680 --a------ C:\WINDOWS\system32\ewistj.exe
2008-02-04 22:25 . 2008-02-04 22:26 <DIR> d-------- C:\Program Files\ComboFix
2008-02-04 22:17 . 2008-02-04 22:17 <DIR> d-------- C:\Program Files\avenger
2008-02-04 21:39 . 2008-02-04 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\atitray
2008-02-04 21:38 . 2008-02-04 21:38 <DIR> d-------- C:\Program Files\Ray Adams
2008-02-04 20:41 . 2008-02-04 23:14 <DIR> d-------- C:\Program Files\QooBox
2008-02-04 20:11 . 2008-02-04 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-04 20:33 --------- d-----w C:\Program Files\ATI Technologies
2008-02-04 13:59 --------- d-----w C:\Program Files\totalcmd
2008-02-04 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 13:35 --------- d-----w C:\Program Files\ESET
2008-02-04 13:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-02-04 13:16 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2008-02-04 12:55 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Logitech
2008-02-04 12:53 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-02-04 12:53 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-04 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 12:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-04 12:29 423 ----a-w C:\Program Files\RHDSetup.log
2008-02-04 12:29 197 ----a-w C:\Program Files\csb.log
2008-02-04 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-04 12:28 --------- d-----w C:\Program Files\Realtek
2008-02-04 12:28 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-02-04 12:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-04 12:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:25 --------- d-----w C:\Program Files\Intel
2008-02-04 12:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-04 12:14 558,142 ----a-w C:\WINDOWS\java\Packages\VTRHJZ5N.ZIP
2008-02-04 12:14 155,995 ----a-w C:\WINDOWS\java\Packages\OIJ7P773.ZIP
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-04 13:53 32768]
"Steam"="C:\Games\Steam\Steam.exe" [2008-02-04 14:21 1266936]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-08-27 13:42 517120]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-11-05 11:12 884176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-04 15:45 2776576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-04 13:53:14 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-04 13:52:38 434176]

S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-02-04 15:47]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-04 13:27]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 12:58:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 12:58:49
ComboFix-quarantined-files.txt 2008-02-08 11:58:34
ComboFix2.txt 2008-02-06 14:28:32
.
2008-02-05 16:23:01 --- E O F ---

[BUBINO]

Nie, nelezies. Keby si liezol, tak nenapisem postupy.

Do poznamkoveho bloku skopiruj nasledovne:

KillAll::

Driver::
Client Server Runtime Process
Advanced DHTML Enable


File::
C:\WINDOWS\system32\hpaqbp.exe
C:\WINDOWS\system32\idjwvv.exe
C:\WINDOWS\system32\optdemsi.exe
C:\WINDOWS\system32\irwtvua.exe
C:\WINDOWS\system32\ylahqvsv.exe
C:\WINDOWS\system32\hkvtfdei.exe
C:\WINDOWS\system32\uquaadsu.exe
C:\WINDOWS\system32\okhwoupw.exe
C:\WINDOWS\system32\ofwmgwuy.exe
C:\WINDOWS\system32\lbexu.exe
C:\WINDOWS\system32\bpwxj.exe
C:\WINDOWS\system32\cseuy.exe
C:\WINDOWS\system32\ejsgqcn.exe
C:\WINDOWS\system32\dqpagbj.exe
C:\WINDOWS\system32\vrzhr.bat
C:\WINDOWS\system32\dprmsf.exe
C:\WINDOWS\system32\qyoxpai.exe
C:\WINDOWS\system32\hiwq.exe
C:\WINDOWS\system32\fxazkrl.exe
C:\WINDOWS\system32\hvtebcl.exe
C:\WINDOWS\system32\tuzxmai.exe
C:\WINDOWS\system32\zywfp.exe
C:\WINDOWS\system32\ksalfyc.exe
C:\WINDOWS\system32\zmar.exe
C:\WINDOWS\system32\ljwymzf.exe
C:\WINDOWS\system32\mjyatrr.exe
C:\WINDOWS\system32\jsjk.exe
C:\WINDOWS\system32\oyyehrz.exe
C:\WINDOWS\system32\hfpkf.exe
C:\WINDOWS\system32\ysbp.exe
C:\WINDOWS\system32\comdlg32.ocx
C:\WINDOWS\system32\ccko.exe
C:\WINDOWS\system32\tjsp.exe
C:\WINDOWS\system32\drivers\sptd.sys
C:\WINDOWS\system32\kmhe.exe
C:\WINDOWS\system32\qdycy.exe
C:\WINDOWS\system32\mdhgi.exe
C:\WINDOWS\system32\iugb.exe
C:\WINDOWS\system32\uaojnvwu.exe
C:\WINDOWS\system32\ewistj.exe
C:\WINDOWS\System32\csrs.exe

Folder::
C:\Documents and Settings\Administrator\UserData
C:\Program Files\Ubisoft

Poznamkovy blok uloz na plochu ako CFScript.txt a combofix, pokial tak nemas. Restartuj pocitac do nudzoveho rezimu. S mysou chyt CFScript.txt , presun nad combofix kym nebude modry a nasledne spust. Zacke skenovanie. Log, ktory naskoci skopiruj sem .