HJT log check

User
Posted: 31.05.2008 12:30

Today the PC has been behaving somewhat oddly, or more precisely Mozilla Firefox has. While I was browsing the website of an online game (no porn sites), a window popped up at me from some winymussenieco.com, I don't remember the site exactly, and it was a box of a few lines with OK and Cancel at the end. With my weak, broken English I worked out that it was about some scan or something like that; it said the computer is infected, then something about traces, privacy, scan your system and similar things. I didn't study English back in school, so I translated only a few words, but it made no sense to me. Then, when I clicked Cancel, another window popped up with only OK, so I clicked it and it redirected me to some page, winymusenieco.com and a terribly long link, which showed something like a Windows XP-style window, blue at the top with the close cross and so on, and it pretended to be scanning the PC, and at the end it printed something like illegal porn had been found on my PC (I do have some here :oops:), and that image could be clicked, but I think it was just a link. It does this in both Mozilla and IE, and in 4 hours it did it about 4 times ... I'm attaching an HJT log because it seemed to me that some unknown processes were showing in Task Manager. HJT log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:18, on 31.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
C:\Documents and Settings\Desktop\Dokumenty\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BMbb236e3b] Rundll32.exe "C:\WINDOWS\system32\ycfmvxva.dll",s
O4 - HKLM\..\Run: [b8105da7] rundll32.exe "C:\WINDOWS\system32\tylxxswi.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211211117171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 3938 bytes


btw: This is a freshly reinstalled XP, about 5 days old, and there is no firewall or antivirus on it yet.


Deleted user
Posted: 31.05.2008 12:36

Fix in HijackThis:
O4 - HKLM\..\Run: [BMbb236e3b] Rundll32.exe "C:\WINDOWS\system32\ycfmvxva.dll",s
O4 - HKLM\..\Run: [b8105da7] rundll32.exe "C:\WINDOWS\system32\tylxxswi.dll",b

Then run ComboFix according to the guide, section SPUSTENIE SCRIPTU (running the script), http://www.pcforum.sk/cistime-napadnuty ... 27265.html, and put this into the script:

Code:
File::
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
C:\WINDOWS\system32\ycfmvxva.dll
C:\WINDOWS\system32\tylxxswi.dll


Post the log here.
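
Added example (not part of the original posts, and not HijackThis or ComboFix code): a small Python triage pass over HijackThis output that surfaces the three items the reply above singles out. The two heuristics (a hex-like Run value name started through rundll32 from system32, and a system process name running outside system32) are assumptions made for this illustration; they mark entries for review and are not verdicts.

```python
import re
from ntpath import basename, dirname, normcase

# Excerpt of the HijackThis log posted in this thread (lines copied from the first post).
HJT_EXCERPT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BMbb236e3b] Rundll32.exe "C:\WINDOWS\system32\ycfmvxva.dll",s
O4 - HKLM\..\Run: [b8105da7] rundll32.exe "C:\WINDOWS\system32\tylxxswi.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
"""

# "O4 - <hive>\..\Run: [value name] command line"
O4_RUN = re.compile(r'^O4 - \S+\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 "<dll>",<export>
RUNDLL = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
# Assumption: a value name ending in 8 hex digits, as both names in this log do.
HEX_NAME = re.compile(r'[0-9a-f]{8}$', re.I)
# Assumption: image names that normally run only from the system32 directory.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}


def in_system32(path):
    """True when the file sits directly in a ...\\system32 directory."""
    return normcase(dirname(path)).endswith("\\system32")


def parse_hjt(text):
    """Return (running process paths, [(run value name, command line), ...])."""
    processes, run_entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = O4_RUN.match(line)
            if m:
                run_entries.append((m["name"], m["cmd"]))
    return processes, run_entries


def triage(text):
    """Return (kind, path, reason) tuples for entries that deserve a closer look."""
    processes, run_entries = parse_hjt(text)
    findings = []
    for path in processes:
        if basename(path).lower() in SYSTEM32_ONLY and not in_system32(path):
            findings.append(("process", path,
                             "system process name running outside system32"))
    for name, cmd in run_entries:
        m = RUNDLL.match(cmd)
        if m and in_system32(m["dll"]) and HEX_NAME.search(name):
            findings.append(("autostart", m["dll"],
                             f"rundll32 autostart under hex-like name [{name}]"))
    return findings


if __name__ == "__main__":
    for kind, path, reason in triage(HJT_EXCERPT):
        print(f"{kind:9} {path}  <- {reason}")
```
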


User (topic author)
Posted: 31.05.2008 13:00

ComboFix:

Code:
ComboFix 08-05-29.1 - Desktop 2008-05-31 12:46:10.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1029.18.212 [GMT 2:00]
Running from: C:\Documents and Settings\Desktop\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Desktop\Plocha\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
C:\WINDOWS\system32\tylxxswi.dll
C:\WINDOWS\system32\ycfmvxva.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
C:\WINDOWS\BMbb236e3b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fccBULBu.dll
C:\WINDOWS\system32\fccdedcc.dll
C:\WINDOWS\system32\fflobgsx.exe
C:\WINDOWS\system32\iwsxxlyt.ini
C:\WINDOWS\system32\lpoomdhq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmnnOExV.dll
C:\WINDOWS\system32\qhdmoopl.ini
C:\WINDOWS\system32\rqRHyvuv.dll
C:\WINDOWS\system32\tuvUOFUO.dll
C:\WINDOWS\system32\tylxxswi.dll
C:\WINDOWS\system32\vuvyHRqr.ini
C:\WINDOWS\system32\vuvyHRqr.ini2
C:\WINDOWS\system32\ycfmvxva.dll

.
(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-31  )))))))))))))))))))))))))))))))
.

2008-05-31 00:57 . 2008-05-31 00:57   98,351   ---h-----   C:\treeinfo.wc
2008-05-30 21:12 . 2008-05-30 21:12   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a------   C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a--c---   C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-25 22:37 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-23 00:04 . 2008-05-23 00:04   <DIR>   d--------   C:\Program Files\ffdshow
2008-05-23 00:04 . 2008-05-04 12:28   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-05-23 00:04 . 2008-05-04 12:28   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-05-23 00:04 . 2008-05-04 12:28   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-05-23 00:04 . 2008-05-04 12:28   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-23 00:04 . 2008-05-04 12:28   6,144   --a------   C:\WINDOWS\system32\ff_acm.acm
2008-05-23 00:04 . 2008-05-04 12:28   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-22 15:56 . 2008-05-22 15:56   <DIR>   d--------   C:\WINDOWS\Sun
2008-05-22 15:55 . 2008-05-22 15:55   <DIR>   d--------   C:\Program Files\Java
2008-05-22 15:55 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-22 15:54 . 2008-05-22 15:54   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-05-22 15:45 . 2008-05-22 15:45   <DIR>   d--------   C:\Program Files\PSPad editor
2008-05-21 18:30 . 2008-05-31 10:51   187   --a------   C:\WINDOWS\wcx_ftp.ini
2008-05-21 18:22 . 2008-05-21 18:24   <DIR>   d--------   C:\Program Files\totalcmd
2008-05-21 18:22 . 2008-05-31 12:12   2,354   --a------   C:\WINDOWS\wincmd.ini
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\UC.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\RAR.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\LHA.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\ARJ.PIF
2008-05-21 16:09 . 2008-05-21 16:09   0   --a------   C:\WINDOWS\PowerReg.dat
2008-05-21 16:08 . 2008-05-21 16:09   <DIR>   d--------   C:\WINDOWS\UbiSoft
2008-05-21 16:06 . 2008-05-21 16:06   <DIR>   d--------   C:\Program Files\D-Tools
2008-05-21 16:06 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-05-21 16:06 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-05-21 16:05 . 2008-05-21 16:05   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-05-20 13:16 . 2008-03-01 15:02   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 13:16 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 13:16 . 2007-03-08 07:09   1,024,000   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 13:16 . 2008-03-01 15:02   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 13:16 . 2008-03-01 15:02   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 13:16 . 2008-03-01 15:02   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 13:16 . 2008-03-01 15:02   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 13:16 . 2008-03-01 15:02   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 13:16 . 2008-02-22 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-20 13:14 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-05-20 13:14 . 2007-07-30 19:18   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 17:54 . 2008-05-20 17:00   <DIR>   d--------   C:\WINDOWS\system32\cs-cz
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a------   C:\WINDOWS\system32\drivers\ac97via.sys
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a--c---   C:\WINDOWS\system32\dllcache\ac97via.sys
2008-05-19 16:52 . 2008-05-28 13:40   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-05-19 16:42 . 2008-05-19 16:42   <DIR>   d---s----   C:\Documents and Settings\Desktop\UserData
2008-05-19 16:38 . 2008-05-19 16:38   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-05-19 16:38 . 2008-05-19 16:38   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-19 16:38 . 2008-05-19 16:38   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-15 20:37 . 2008-05-15 20:37   <DIR>   d--------   C:\Program Files\Miranda IM
2008-05-15 20:33 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\VIA
2008-05-15 20:33 . 2004-05-18 10:55   74,112   -ra------   C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\Realtek Sound Manager
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\AvRack
2008-05-15 20:31 . 2008-05-15 20:31   <DIR>   d--------   C:\WINDOWS\OPTIONS
2008-05-15 20:31 . 2004-12-02 10:36   70,912   --a------   C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2008-05-15 20:30 . 2008-05-15 20:30   <DIR>   d--------   C:\Program Files\AMD
2008-05-15 20:30 . 2004-08-11 16:30   39,424   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-15 20:29 . 2008-05-15 20:29   0   --a------   C:\WINDOWS\ativpsrm.bin
2008-05-15 20:27 . 2004-10-05 16:54   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-15 20:14 . 2008-05-15 20:32   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-15 20:14 . 2008-05-15 20:15   <DIR>   d--------   C:\Program Files\ATI Technologies
2008-05-15 20:14 . 2008-03-28 21:05   593,920   --a------   C:\WINDOWS\system32\ati2sgag.exe
2008-05-15 20:13 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-05-15 20:13 . 2008-05-15 20:13   <DIR>   d--------   C:\ATI
2008-05-15 20:08 . 2008-05-15 20:08   <DIR>   d--------   C:\Program Files\TV JOJ Media Player
2008-05-15 19:57 . 2008-05-15 19:57   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Skype
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-05-15 18:18 . 2001-08-17 23:59   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2008-05-15 18:16 . 2004-08-17 17:49   75,264   --a------   C:\WINDOWS\system32\usbui.dll
2008-05-15 18:16 . 2004-08-17 17:44   52,352   --a------   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-05-15 18:16 . 2004-08-04 01:07   46,464   --a------   C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2008-05-15 18:16 . 2004-08-04 00:31   20,992   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-15 18:14 . 2008-05-31 12:47   <DIR>   d--------   C:\WINDOWS\system32\CatRoot2
2008-05-15 18:14 . 2008-05-15 16:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\ćablony
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolnˇ tisk rny
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolnˇ sˇś
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Oblˇben‚ polo§ky
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-------   C:\Documents and Settings\Default User\Nabˇdka Start
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Dokumenty
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Data aplikacˇ
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\All Users\ćablony
2008-05-15 18:14 . 2008-05-21 16:06   <DIR>   d--------   C:\Documents and Settings\All Users\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\All Users\Oblˇben‚ polo§ky
2008-05-15 18:14 . 2008-05-19 17:32   <DIR>   dr-------   C:\Documents and Settings\All Users\Nabˇdka Start
2008-05-15 18:14 . 2008-05-22 00:13   <DIR>   dr-------   C:\Documents and Settings\All Users\Dokumenty
2008-05-15 18:14 . 2008-05-18 14:03   <DIR>   dr-h-----   C:\Documents and Settings\All Users\Data aplikacˇ
2008-05-15 18:13 . 2008-05-15 16:28   261   --a------   C:\WINDOWS\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:24   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-05-15 14:26   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-29 06:21   2,873,856   ----a-w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 05:19   9,801,728   ----a-w   C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40   167,936   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05   372,736   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04   299,008   ----a-w   C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56   172,032   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56   126,976   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55   126,976   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54   536,576   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43   3,176,480   ----a-w   C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36   1,765,120   ----a-w   C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24   46,080   ----a-w   C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23   5,439,488   ----a-w   C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21   393,216   ----a-w   C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18   49,152   ----a-w   C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12   520,192   ----a-w   C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-02-26 12:01   294,912   ----a-w   C:\WINDOWS\system32\msctf.dll
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"BMbb236e3b"="C:\WINDOWS\system32\ycfmvxva.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 12:48:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-31 12:49:45 - machine was rebooted [Desktop]
ComboFix-quarantined-files.txt  2008-05-31 10:49:42

           Adresářů:     6,   Volných bajtů: 29,236,604,928
           Adres ý…:     8,   Volněch bajt…: 29,358,104,576

212   --- E O F ---   2008-05-28 15:00:25


And after the restart this popped up at me:
[image]

I also forgot to mention that Mozilla would not load some pages; it just stayed at "Waiting for xxx.com" and did not move for half an hour, but when I entered e.g. xxx.com/forumdisplay.php it loaded without problems. Specifically, it did this with war-board, http://forum.travian.com , http://forum.travian.sk

It simply wouldn't load the index, but once I entered a specific link to something or the like, it ran fine ...


Deleted user
Posted: 31.05.2008 13:25

Run ComboFix again with this script:

Code:
File::
C:\WINDOWS\PowerReg.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMbb236e3b"=-


and also fix those HijackThis entries that I listed above..


User (topic author)
Posted: 31.05.2008 13:39

I had fixed those HJT entries before as well, and now I fixed them again, that is, only the top one; the bottom one was no longer there, but the top one had come back. Then I ran ComboFix as you said, and the result:
Code:
ComboFix 08-05-29.1 - Desktop 2008-05-31 13:36:07.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1029.18.242 [GMT 2:00]
Running from: C:\Documents and Settings\Desktop\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Desktop\Plocha\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\PowerReg.dat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\PowerReg.dat

.
(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-31  )))))))))))))))))))))))))))))))
.

2008-05-31 00:57 . 2008-05-31 00:57   98,351   ---h-----   C:\treeinfo.wc
2008-05-30 22:09 . 2008-05-30 22:09   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Thinstall
2008-05-30 21:12 . 2008-05-30 21:12   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a------   C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a--c---   C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-25 22:37 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-24 16:31 . 2008-05-25 15:27   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\DMCache
2008-05-23 00:04 . 2008-05-23 00:04   <DIR>   d--------   C:\Program Files\ffdshow
2008-05-23 00:04 . 2008-05-04 12:28   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-05-23 00:04 . 2008-05-04 12:28   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-05-23 00:04 . 2008-05-04 12:28   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-05-23 00:04 . 2008-05-04 12:28   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-23 00:04 . 2008-05-04 12:28   6,144   --a------   C:\WINDOWS\system32\ff_acm.acm
2008-05-23 00:04 . 2008-05-04 12:28   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-22 15:56 . 2008-05-22 15:56   <DIR>   d--------   C:\WINDOWS\Sun
2008-05-22 15:55 . 2008-05-22 15:55   <DIR>   d--------   C:\Program Files\Java
2008-05-22 15:55 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-22 15:54 . 2008-05-22 15:54   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-05-22 15:45 . 2008-05-22 15:45   <DIR>   d--------   C:\Program Files\PSPad editor
2008-05-22 15:45 . 2008-05-22 15:45   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\PSpad
2008-05-22 00:13 . 2008-05-22 00:13   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Sports Interactive
2008-05-21 18:30 . 2008-05-31 10:51   187   --a------   C:\WINDOWS\wcx_ftp.ini
2008-05-21 18:22 . 2008-05-21 18:24   <DIR>   d--------   C:\Program Files\totalcmd
2008-05-21 18:22 . 2008-05-31 12:12   2,354   --a------   C:\WINDOWS\wincmd.ini
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\UC.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\RAR.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\LHA.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\ARJ.PIF
2008-05-21 16:08 . 2008-05-21 16:09   <DIR>   d--------   C:\WINDOWS\UbiSoft
2008-05-21 16:06 . 2008-05-21 16:06   <DIR>   d--------   C:\Program Files\D-Tools
2008-05-21 16:06 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-05-21 16:06 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-05-21 16:05 . 2008-05-21 16:05   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-05-20 13:16 . 2008-03-01 15:02   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 13:16 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 13:16 . 2007-03-08 07:09   1,024,000   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 13:16 . 2008-03-01 15:02   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 13:16 . 2008-03-01 15:02   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 13:16 . 2008-03-01 15:02   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 13:16 . 2008-03-01 15:02   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 13:16 . 2008-03-01 15:02   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 13:16 . 2008-02-22 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-20 13:14 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-05-20 13:14 . 2007-07-30 19:18   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 17:54 . 2008-05-20 17:00   <DIR>   d--------   C:\WINDOWS\system32\cs-cz
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a------   C:\WINDOWS\system32\drivers\ac97via.sys
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a--c---   C:\WINDOWS\system32\dllcache\ac97via.sys
2008-05-19 16:52 . 2008-05-28 13:40   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-05-19 16:42 . 2008-05-19 16:42   <DIR>   d---s----   C:\Documents and Settings\Desktop\UserData
2008-05-19 16:38 . 2008-05-19 16:38   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-05-19 16:38 . 2008-05-19 16:38   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-19 16:38 . 2008-05-19 16:38   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-18 14:03 . 2008-05-18 14:03   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\ATI
2008-05-18 14:03 . 2008-05-18 14:03   <DIR>   d--------   C:\Documents and Settings\All Users\Data aplikací\ATI
2008-05-15 20:37 . 2008-05-15 20:37   <DIR>   d--------   C:\Program Files\Miranda IM
2008-05-15 20:37 . 2008-05-15 20:37   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Miranda
2008-05-15 20:33 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\VIA
2008-05-15 20:33 . 2004-05-18 10:55   74,112   -ra------   C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\Realtek Sound Manager
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\AvRack
2008-05-15 20:31 . 2008-05-15 20:31   <DIR>   d--------   C:\WINDOWS\OPTIONS
2008-05-15 20:31 . 2004-12-02 10:36   70,912   --a------   C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2008-05-15 20:30 . 2008-05-15 20:30   <DIR>   d--------   C:\Program Files\AMD
2008-05-15 20:30 . 2004-08-11 16:30   39,424   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-15 20:29 . 2008-05-15 20:29   0   --a------   C:\WINDOWS\ativpsrm.bin
2008-05-15 20:27 . 2004-10-05 16:54   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-15 20:14 . 2008-05-15 20:32   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-15 20:14 . 2008-05-15 20:15   <DIR>   d--------   C:\Program Files\ATI Technologies
2008-05-15 20:14 . 2008-03-28 21:05   593,920   --a------   C:\WINDOWS\system32\ati2sgag.exe
2008-05-15 20:13 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-05-15 20:13 . 2008-05-15 20:13   <DIR>   d--------   C:\ATI
2008-05-15 20:08 . 2008-05-15 20:08   <DIR>   d--------   C:\Program Files\TV JOJ Media Player
2008-05-15 20:01 . 2008-05-15 20:01   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\TV JOJ Media Player
2008-05-15 19:57 . 2008-05-31 10:21   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\skypePM
2008-05-15 19:57 . 2008-05-31 13:35   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Skype
2008-05-15 19:57 . 2008-05-15 19:57   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Skype
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Documents and Settings\All Users\Data aplikací\Skype
2008-05-15 18:18 . 2001-08-17 23:59   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2008-05-15 18:16 . 2004-08-17 17:49   75,264   --a------   C:\WINDOWS\system32\usbui.dll
2008-05-15 18:16 . 2004-08-17 17:44   52,352   --a------   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-05-15 18:16 . 2004-08-04 01:07   46,464   --a------   C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2008-05-15 18:16 . 2004-08-04 00:31   20,992   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-15 18:14 . 2008-05-31 12:49   <DIR>   d--------   C:\WINDOWS\system32\CatRoot2
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolní síť
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Oblíbené položky
2008-05-15 18:14 . 2008-05-15 16:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Šablony
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-------   C:\Documents and Settings\Default User\Nabídka Start
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Dokumenty
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Data aplikací
2008-05-15 18:14 . 2008-05-21 16:06   <DIR>   d--------   C:\Documents and Settings\All Users\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\All Users\Oblíbené položky
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\All Users\Šablony
2008-05-15 18:14 . 2008-05-19 17:32   <DIR>   dr-------   C:\Documents and Settings\All Users\Nabídka Start
2008-05-15 18:14 . 2008-05-22 00:13   <DIR>   dr-------   C:\Documents and Settings\All Users\Dokumenty
2008-05-15 18:14 . 2008-05-18 14:03   <DIR>   dr-h-----   C:\Documents and Settings\All Users\Data aplikací
2008-05-15 18:13 . 2008-05-15 16:28   261   --a------   C:\WINDOWS\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:24   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-05-15 14:38   ---------   d-----w   C:\Documents and Settings\Desktop\Data aplikací\Talkback
2008-05-15 14:26   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-29 06:21   2,873,856   ----a-w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 05:19   9,801,728   ----a-w   C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40   167,936   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05   372,736   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04   299,008   ----a-w   C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56   172,032   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56   126,976   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55   126,976   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54   536,576   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43   3,176,480   ----a-w   C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36   1,765,120   ----a-w   C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24   46,080   ----a-w   C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23   5,439,488   ----a-w   C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21   393,216   ----a-w   C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18   49,152   ----a-w   C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12   520,192   ----a-w   C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-02-26 12:01   294,912   ----a-w   C:\WINDOWS\system32\msctf.dll
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-05-15 20:33:51 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 13:36:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-31 13:37:12
ComboFix-quarantined-files.txt  2008-05-31 11:37:09
ComboFix2.txt  2008-05-31 10:49:46

           Adresářů:     6,   Volných bajtů: 29,347,041,280
           Adresářů:     7,   Volných bajtů: 29,340,643,328

189   --- E O F ---   2008-05-28 15:00:25


+ new HJT:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:22, on 31.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Desktop\Dokumenty\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211211117171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 3266 bytes


btw: I don't know if this is OK, but after every ComboFix log IE gets set as my default browser, and when I start FF it asks me whether I want to set it as the default browser...


Deleted user
Posted: 31.05.2008 13:44

Does the error with that module still come up? And do those messages still pop up in the browsers? The HJT log is clean and I don't see anything malicious in the ComboFix log... although I've just come off a night shift, so :D

//btw, your Mozilla profile may be damaged, so create a new one with the command firefox -p in Start > Run... export your bookmarks and import them into the new profile...


User (topic author)
Posted: 31.05.2008 13:48

No, nothing pops up any more, nothing like that... and the pages that wouldn't load now load without problems, thanks a lot :)

About Mozilla: after that command a normal Mozilla opens, with the same bookmarks I have now, just as if I had opened it normally. Did that create a new profile for me? :D







_________________
~raZer coppErhEad + raZer ManTiS pro spEEd~
| CPU: AMD Sempron 2500+ Palermo Edition 1,4GHz L1 64kB L2 256kB | GPU: ATi Radeon 9600 Professional 128MB 398/446MHz RV350 |
| RAM: Apacer tech. 256MB PC3200 DDR SDRAM (2.5-4-4-8@200MHz) | MB: GiGABYTE GA-K8VT800 VIA K8T800 Pro | HDD: Hitachi Deskstar 7K250 160GB 7200rpm SATA 8MB cache | DVD: PIONEER DVD-RW DVR-110D | KB: Chicony KB-9810 PS/2 | MS:Razer Copperhead 2000dpi USB | PSP: PlayStation Portable Slim Piano Black 333MHz 64MB RAM + SanDisk Memory 2GB | MT: Sony Ericsson K700i 42MB |
Deleted user
Posted: 31.05.2008 13:50

Glad I could help :)

//it probably didn't create a new profile, since you still have your bookmarks :)


User (topic author)
Posted: 31.05.2008 13:56

muhehe, so how do I do it? After that command Mozilla just opens normally ...







Deleted user
Posted: 31.05.2008 13:57

firefox.exe -p :) but if everything works OK, you don't need to create a new profile :)


User (topic author)
Posted: 31.05.2008 14:00

Well, I've created the new profile now, really, thanks a lot ;)

It didn't work because I had FF running in the background :D


User (topic author)
Posted: 05.06.2008 20:25

Same problem again, the same entries in HJT. I fixed them and they came right back, so ComboFix is needed again, but I'm afraid to mess with that :D

HJT Log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:30, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Desktop\Dokumenty\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [BMbb236e3b] Rundll32.exe "C:\WINDOWS\system32\wfjjsnqe.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211211117171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 3611 bytes


I'll post the ComboFix log later; I can't afford a restart right now. I'll add the Combo log around 21:00.







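A triage sketch for the situation in the post above, added here as an example and not code from the thread or from HijackThis: it diffs a later HijackThis log against an earlier clean one and flags two patterns visible in the log, a Run-key entry that loads a DLL through rundll32 and a system process name running outside system32. The sample logs are a constructed subset of lines from the two logs in this thread; the function names and the two heuristics are assumptions for illustration, and a flag means "review this", not a verdict.

```python
import ntpath  # Windows path semantics regardless of the host OS
import re

# Constructed input: a subset of lines copied from the two HijackThis logs
# posted in this thread (31.5.2008 = baseline, 5.6.2008 = later scan).
BASELINE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

CURRENT_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [BMbb236e3b] Rundll32.exe "C:\WINDOWS\system32\wfjjsnqe.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - ..." or "R1 - ..."
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.I)
SYSTEM32 = r"c:\windows\system32"
# Assumption: a short list of names that normally run only from system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(code, rest)])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage_process(path):
    """Flag a system process name that runs from an unexpected directory."""
    lowered = path.lower()
    if (ntpath.basename(lowered) in SYSTEM_NAMES
            and ntpath.dirname(lowered) != SYSTEM32):
        return "system process name running outside system32"
    return None


def triage_entry(code, rest):
    """Flag an O4 autostart that loads a DLL through rundll32."""
    if code == "O4":
        match = RUNDLL_RE.search(rest)
        if match:
            return "autostart loads DLL through rundll32: " + match.group(1)
    return None


def review(baseline_text, current_text):
    """Return (kind, item, flag) for everything new since the baseline log.

    Windows paths are case-insensitive, so comparison is done lower-cased.
    """
    base_procs, base_entries = parse_hjt(baseline_text)
    cur_procs, cur_entries = parse_hjt(current_text)
    seen_procs = {p.lower() for p in base_procs}
    seen_entries = {(c, r.lower()) for c, r in base_entries}
    findings = []
    for proc in cur_procs:
        if proc.lower() not in seen_procs:
            findings.append(("process", proc, triage_process(proc)))
    for code, rest in cur_entries:
        if (code, rest.lower()) not in seen_entries:
            findings.append((code, rest, triage_entry(code, rest)))
    return findings


if __name__ == "__main__":
    for kind, item, flag in review(BASELINE_LOG, CURRENT_LOG):
        print(("FLAG  " if flag else "new   ") + kind + ": " + item)
        if flag:
            print("      -> " + flag)
```

Unflagged "new" items, such as the Excel context-menu entry, still deserve a glance; they only mean something was installed or started between the two scans.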
User (topic author)
Posted: 05.06.2008 20:37

So I figured out what's causing it... Photoshop Portable is infected; after launching it this started popping up, so I'm 99% sure that's it...

I'll edit the ComboFix log and the newest HJT log into this post ...

HJT LOG:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:39, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Desktop\Dokumenty\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [BMbb236e3b] Rundll32.exe "C:\WINDOWS\system32\wfjjsnqe.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211211117171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 3314 bytes


COMBOFIX LOG:

Code:
ComboFix 08-05-29.1 - Desktop 2008-06-05 20:46:55.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1029.18.263 [GMT 2:00]
Running from: C:\Documents and Settings\Desktop\Plocha\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMbb236e3b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ceNVwGgh.ini
C:\WINDOWS\system32\ceNVwGgh.ini2
C:\WINDOWS\system32\hgGwVNec.dll
C:\WINDOWS\system32\ossuexrb.exe
C:\WINDOWS\system32\pyoqemnv.ini
C:\WINDOWS\system32\vnmeqoyp.dll
C:\WINDOWS\system32\vtUoMfeB.dll
C:\WINDOWS\system32\wfjjsnqe.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-05 to 2008-06-05  )))))))))))))))))))))))))))))))
.

2008-06-05 20:15 . 2008-06-05 20:15   <DIR>   d--------   C:\Program Files\TV JOJ Media Player
2008-06-01 22:13 . 2008-06-01 22:13   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-06-01 22:13 . 2008-06-01 22:13   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-06-01 22:11 . 2008-06-01 22:11   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2008-06-01 22:11 . 2008-06-01 22:11   <DIR>   dr-h-----   C:\MSOCache
2008-05-31 00:57 . 2008-05-31 00:57   98,351   ---h-----   C:\treeinfo.wc
2008-05-30 21:12 . 2008-05-30 21:12   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a------   C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a--c---   C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-25 22:37 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-23 00:04 . 2008-05-23 00:04   <DIR>   d--------   C:\Program Files\ffdshow
2008-05-23 00:04 . 2008-05-04 12:28   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-05-23 00:04 . 2008-05-04 12:28   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-05-23 00:04 . 2008-05-04 12:28   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-05-23 00:04 . 2008-05-04 12:28   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-23 00:04 . 2008-05-04 12:28   6,144   --a------   C:\WINDOWS\system32\ff_acm.acm
2008-05-23 00:04 . 2008-05-04 12:28   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-22 15:56 . 2008-05-22 15:56   <DIR>   d--------   C:\WINDOWS\Sun
2008-05-22 15:55 . 2008-05-22 15:55   <DIR>   d--------   C:\Program Files\Java
2008-05-22 15:55 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-22 15:54 . 2008-05-22 15:54   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-05-22 15:45 . 2008-05-22 15:45   <DIR>   d--------   C:\Program Files\PSPad editor
2008-05-21 18:30 . 2008-06-02 20:24   187   --a------   C:\WINDOWS\wcx_ftp.ini
2008-05-21 18:22 . 2008-05-21 18:24   <DIR>   d--------   C:\Program Files\totalcmd
2008-05-21 18:22 . 2008-06-02 20:51   2,373   --a------   C:\WINDOWS\wincmd.ini
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\UC.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\RAR.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\LHA.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\ARJ.PIF
2008-05-21 16:08 . 2008-05-21 16:09   <DIR>   d--------   C:\WINDOWS\UbiSoft
2008-05-21 16:06 . 2008-05-21 16:06   <DIR>   d--------   C:\Program Files\D-Tools
2008-05-21 16:06 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-05-21 16:06 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-05-21 16:05 . 2008-05-21 16:05   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-05-20 13:16 . 2008-03-01 15:02   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 13:16 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 13:16 . 2007-03-08 07:09   1,024,000   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 13:16 . 2008-03-01 15:02   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 13:16 . 2008-03-01 15:02   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 13:16 . 2008-03-01 15:02   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 13:16 . 2008-03-01 15:02   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 13:16 . 2008-03-01 15:02   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 13:16 . 2008-02-22 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-20 13:14 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-05-20 13:14 . 2007-07-30 19:18   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 17:54 . 2008-05-20 17:00   <DIR>   d--------   C:\WINDOWS\system32\cs-cz
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a------   C:\WINDOWS\system32\drivers\ac97via.sys
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a--c---   C:\WINDOWS\system32\dllcache\ac97via.sys
2008-05-19 16:52 . 2008-05-28 13:40   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-05-19 16:42 . 2008-05-19 16:42   <DIR>   d---s----   C:\Documents and Settings\Desktop\UserData
2008-05-19 16:38 . 2008-05-19 16:38   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-05-19 16:38 . 2008-05-19 16:38   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-19 16:38 . 2008-05-19 16:38   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-15 20:37 . 2008-05-15 20:37   <DIR>   d--------   C:\Program Files\Miranda IM
2008-05-15 20:33 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\VIA
2008-05-15 20:33 . 2004-05-18 10:55   74,112   -ra------   C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\Realtek Sound Manager
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\AvRack
2008-05-15 20:31 . 2008-05-15 20:31   <DIR>   d--------   C:\WINDOWS\OPTIONS
2008-05-15 20:31 . 2004-12-02 10:36   70,912   --a------   C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2008-05-15 20:30 . 2008-05-15 20:30   <DIR>   d--------   C:\Program Files\AMD
2008-05-15 20:30 . 2004-08-11 16:30   39,424   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-15 20:29 . 2008-05-15 20:29   0   --a------   C:\WINDOWS\ativpsrm.bin
2008-05-15 20:27 . 2004-10-05 16:54   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-15 20:14 . 2008-05-15 20:32   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-15 20:14 . 2008-05-15 20:15   <DIR>   d--------   C:\Program Files\ATI Technologies
2008-05-15 20:14 . 2008-03-28 21:05   593,920   --a------   C:\WINDOWS\system32\ati2sgag.exe
2008-05-15 20:13 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-05-15 20:13 . 2008-05-15 20:13   <DIR>   d--------   C:\ATI
2008-05-15 19:57 . 2008-05-15 19:57   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Skype
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-05-15 18:18 . 2001-08-17 23:59   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2008-05-15 18:16 . 2004-08-17 17:49   75,264   --a------   C:\WINDOWS\system32\usbui.dll
2008-05-15 18:16 . 2004-08-17 17:44   52,352   --a------   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-05-15 18:16 . 2004-08-04 01:07   46,464   --a------   C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2008-05-15 18:16 . 2004-08-04 00:31   20,992   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-15 18:14 . 2008-06-05 20:35   <DIR>   d--------   C:\WINDOWS\system32\CatRoot2
2008-05-15 18:14 . 2008-05-15 16:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Šablony
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolní síť
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Oblíbené položky
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-------   C:\Documents and Settings\Default User\Nabídka Start
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Dokumenty
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Data aplikací
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\All Users\Šablony
2008-05-15 18:14 . 2008-05-21 16:06   <DIR>   d--------   C:\Documents and Settings\All Users\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\All Users\Oblíbené položky
2008-05-15 18:14 . 2008-05-19 17:32   <DIR>   dr-------   C:\Documents and Settings\All Users\Nabídka Start
2008-05-15 18:14 . 2008-05-22 00:13   <DIR>   dr-------   C:\Documents and Settings\All Users\Dokumenty
2008-05-15 18:14 . 2008-06-01 22:11   <DIR>   dr-h-----   C:\Documents and Settings\All Users\Data aplikací
2008-05-15 18:13 . 2008-05-15 16:28   261   --a------   C:\WINDOWS\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:24   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-05-15 14:26   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-29 05:19   9,801,728   ----a-w   C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40   167,936   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05   372,736   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04   299,008   ----a-w   C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56   172,032   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56   126,976   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55   126,976   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54   536,576   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43   3,176,480   ----a-w   C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36   1,765,120   ----a-w   C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24   46,080   ----a-w   C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23   5,439,488   ----a-w   C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21   393,216   ----a-w   C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:12   520,192   ----a-w   C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-05-31_12.49.32.34   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-01 20:13:44   110,592   ----a-w   C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-06-01 20:13:44   4,608   ----a-w   C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-06-01 20:13:43   8,007,680   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-06-01 20:13:14   80,696   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-06-01 20:13:27   1,276,720   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-06-01 20:13:28   150,320   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-06-01 20:13:28   248,632   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-06-01 20:13:28   20,280   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-06-01 20:13:28   781,104   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-06-01 20:13:43   13,312   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-06-01 20:13:27   371,496   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-06-01 20:13:28   64,288   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-06-01 20:13:42   229,376   ----a-w   C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-06-01 20:13:44   4,096   ----a-w   C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-06-01 20:13:28   416,544   ----a-w   C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-06-01 20:13:15   12,096   ----a-w   C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-06-01 20:13:31   12,096   ----a-w   C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-06-01 20:13:36   12,112   ----a-w   C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-06-01 20:13:31   12,104   ----a-w   C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-06-01 20:13:38   12,096   ----a-w   C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-06-01 20:13:32   12,080   ----a-w   C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-06-01 20:13:32   11,544   ----a-w   C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-06-01 20:13:43   16,384   ----a-w   C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2008-05-31 10:48:27   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-05 18:48:57   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2006-10-27 13:07:36   17,891,112   ----a-r   C:\WINDOWS\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-09-15 14:25:18   3,611,416   ----a-r   C:\WINDOWS\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 13:23:04   347,432   ----a-r   C:\WINDOWS\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 13:11:38   4,235,560   ----a-r   C:\WINDOWS\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36   21,264   ----a-r   C:\WINDOWS\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08   17,483,560   ----a-r   C:\WINDOWS\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08   14,674,216   ----a-r   C:\WINDOWS\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 19:17:08   11,072   ----a-r   C:\WINDOWS\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2008-06-02 15:01:32   20,240   ----a-r   C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-02 15:01:32   217,864   ----a-r   C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-02 15:01:32   18,704   ----a-r   C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-02 15:01:32   35,088   ----a-r   C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-02 15:01:32   845,584   ----a-r   C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-02 15:01:32   922,384   ----a-r   C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-02 15:01:32   888,080   ----a-r   C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-02 15:01:32   1,172,240   ----a-r   C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-01 20:11:37   220,504   ----a-r   C:\WINDOWS\Installer\{90120000-006E-041B-0000-0000000FF1CE}\misc.exe
+ 2006-10-26 12:10:08   1,190,688   ----a-w   C:\WINDOWS\system32\FM20.DLL
+ 2006-10-26 12:10:06   33,088   ----a-w   C:\WINDOWS\system32\FM20ENU.DLL
- 2008-05-19 15:59:05   95,072   ----a-w   C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-02 04:58:03   140,440   ----a-w   C:\WINDOWS\system32\FNTCACHE.DAT
+ 2006-10-26 11:45:04   207,360   ----a-w   C:\WINDOWS\system32\INKED.DLL
+ 2006-07-24 08:50:38   125,744   ----a-w   C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2006-07-24 08:50:40   39,728   ----a-w   C:\WINDOWS\system32\SCP32.DLL
+ 2006-07-24 08:50:40   47,920   ----a-w   C:\WINDOWS\system32\VBAME.DLL
+ 2006-10-26 11:45:04   293,376   ----a-w   C:\WINDOWS\system32\WISPTIS.EXE
+ 2008-06-05 18:49:23   16,384   ----atw   C:\WINDOWS\TEMP\Perflib_Perfdata_b38.dat
+ 2006-10-26 11:40:34   95,744   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 11:40:36   1,093,632   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 11:40:36   1,079,808   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 11:40:36   69,632   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 11:40:36   57,344   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 11:40:36   65,536   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 11:40:36   57,344   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 11:40:36   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 11:40:36   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 11:40:36   40,960   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 11:40:36   45,056   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 11:40:36   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 11:40:36   49,152   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 11:40:36   49,152   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 20:49:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-06-05 20:50:27 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-05 18:50:24
ComboFix2.txt  2008-05-31 11:37:13
ComboFix3.txt  2008-05-31 10:49:46

           Adresářů:     6,   Volných bajtů: 27,302,305,792
           Adresářů:     9,   Volných bajtů: 27,330,592,768

260   --- E O F ---   2008-06-02 15:01:33


Please advise so I can get rid of this vermin ... and after that, some good firewall? I want to combine it with Avira to have the best possible protection; what do you recommend? Jetico, Comodo? Also, I heard that Sandboxie is almost 100% protection, so how can it be set up in whichever firewall you recommend ...

Thx


Deleted user
Posted: 05.06.2008 21:03

Download CCleaner, tick all the items, clean the registry with it and post the logs again.

And when you run ComboFix, use this script:

Code:
File::
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe


User (topic author)
Posted: 05.06.2008 21:12

Ran CCleaner + ComboFix log:
Code:
ComboFix 08-05-29.1 - Desktop 2008-06-05 21:09:51.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1029.18.246 [GMT 2:00]
Running from: C:\Documents and Settings\Desktop\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Desktop\Plocha\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Desktop\Data aplikací\Thinstall\CSDATA\1000000600002i\svchost.exe
.

(((((((((((((((((((((((((   Files Created from 2008-05-05 to 2008-06-05  )))))))))))))))))))))))))))))))
.

2008-06-05 21:06 . 2008-06-05 21:06   <DIR>   d--------   C:\Program Files\CCleaner
2008-06-05 20:15 . 2008-06-05 20:15   <DIR>   d--------   C:\Program Files\TV JOJ Media Player
2008-06-01 22:13 . 2008-06-01 22:13   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-06-01 22:13 . 2008-06-01 22:13   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-06-01 22:11 . 2008-06-01 22:11   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2008-06-01 22:11 . 2008-06-01 22:11   <DIR>   dr-h-----   C:\MSOCache
2008-06-01 22:11 . 2008-06-02 17:01   <DIR>   d--------   C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-05-31 00:57 . 2008-05-31 00:57   98,351   ---h-----   C:\treeinfo.wc
2008-05-30 22:09 . 2008-05-30 22:09   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Thinstall
2008-05-30 21:12 . 2008-05-30 21:12   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a------   C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a--c---   C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-25 22:37 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-24 16:31 . 2008-05-25 15:27   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\DMCache
2008-05-23 00:04 . 2008-05-23 00:04   <DIR>   d--------   C:\Program Files\ffdshow
2008-05-23 00:04 . 2008-05-04 12:28   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-05-23 00:04 . 2008-05-04 12:28   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-05-23 00:04 . 2008-05-04 12:28   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-05-23 00:04 . 2008-05-04 12:28   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-23 00:04 . 2008-05-04 12:28   6,144   --a------   C:\WINDOWS\system32\ff_acm.acm
2008-05-23 00:04 . 2008-05-04 12:28   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-22 15:56 . 2008-05-22 15:56   <DIR>   d--------   C:\WINDOWS\Sun
2008-05-22 15:55 . 2008-05-22 15:55   <DIR>   d--------   C:\Program Files\Java
2008-05-22 15:55 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-22 15:54 . 2008-05-22 15:54   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-05-22 15:45 . 2008-05-22 15:45   <DIR>   d--------   C:\Program Files\PSPad editor
2008-05-22 15:45 . 2008-05-22 15:45   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\PSpad
2008-05-22 00:13 . 2008-05-22 00:13   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Sports Interactive
2008-05-21 18:30 . 2008-06-02 20:24   187   --a------   C:\WINDOWS\wcx_ftp.ini
2008-05-21 18:22 . 2008-05-21 18:24   <DIR>   d--------   C:\Program Files\totalcmd
2008-05-21 18:22 . 2008-06-02 20:51   2,373   --a------   C:\WINDOWS\wincmd.ini
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\UC.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\RAR.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\LHA.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\ARJ.PIF
2008-05-21 16:08 . 2008-05-21 16:09   <DIR>   d--------   C:\WINDOWS\UbiSoft
2008-05-21 16:06 . 2008-05-21 16:06   <DIR>   d--------   C:\Program Files\D-Tools
2008-05-21 16:06 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-05-21 16:06 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-05-21 16:05 . 2008-05-21 16:05   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-05-20 13:16 . 2008-03-01 15:02   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 13:16 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 13:16 . 2007-03-08 07:09   1,024,000   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 13:16 . 2008-03-01 15:02   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 13:16 . 2008-03-01 15:02   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 13:16 . 2008-03-01 15:02   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 13:16 . 2008-03-01 15:02   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 13:16 . 2008-03-01 15:02   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 13:16 . 2008-02-22 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-20 13:14 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-05-20 13:14 . 2007-07-30 19:18   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 17:54 . 2008-05-20 17:00   <DIR>   d--------   C:\WINDOWS\system32\cs-cz
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a------   C:\WINDOWS\system32\drivers\ac97via.sys
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a--c---   C:\WINDOWS\system32\dllcache\ac97via.sys
2008-05-19 16:52 . 2008-05-28 13:40   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-05-19 16:42 . 2008-05-19 16:42   <DIR>   d---s----   C:\Documents and Settings\Desktop\UserData
2008-05-19 16:38 . 2008-05-19 16:38   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-05-19 16:38 . 2008-05-19 16:38   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-19 16:38 . 2008-05-19 16:38   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-18 14:03 . 2008-05-18 14:03   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\ATI
2008-05-18 14:03 . 2008-05-18 14:03   <DIR>   d--------   C:\Documents and Settings\All Users\Data aplikací\ATI
2008-05-15 20:37 . 2008-05-15 20:37   <DIR>   d--------   C:\Program Files\Miranda IM
2008-05-15 20:37 . 2008-05-15 20:37   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Miranda
2008-05-15 20:33 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\VIA
2008-05-15 20:33 . 2004-05-18 10:55   74,112   -ra------   C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\Realtek Sound Manager
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\AvRack
2008-05-15 20:31 . 2008-05-15 20:31   <DIR>   d--------   C:\WINDOWS\OPTIONS
2008-05-15 20:31 . 2004-12-02 10:36   70,912   --a------   C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2008-05-15 20:30 . 2008-05-15 20:30   <DIR>   d--------   C:\Program Files\AMD
2008-05-15 20:30 . 2004-08-11 16:30   39,424   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-15 20:29 . 2008-05-15 20:29   0   --a------   C:\WINDOWS\ativpsrm.bin
2008-05-15 20:27 . 2004-10-05 16:54   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-15 20:14 . 2008-05-15 20:32   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-15 20:14 . 2008-05-15 20:15   <DIR>   d--------   C:\Program Files\ATI Technologies
2008-05-15 20:14 . 2008-03-28 21:05   593,920   --a------   C:\WINDOWS\system32\ati2sgag.exe
2008-05-15 20:13 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-05-15 20:13 . 2008-05-15 20:13   <DIR>   d--------   C:\ATI
2008-05-15 20:01 . 2008-05-15 20:01   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\TV JOJ Media Player
2008-05-15 19:57 . 2008-06-05 20:38   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\skypePM
2008-05-15 19:57 . 2008-06-05 21:09   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Skype
2008-05-15 19:57 . 2008-05-15 19:57   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Skype
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Documents and Settings\All Users\Data aplikací\Skype
2008-05-15 18:18 . 2001-08-17 23:59   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2008-05-15 18:16 . 2004-08-17 17:49   75,264   --a------   C:\WINDOWS\system32\usbui.dll
2008-05-15 18:16 . 2004-08-17 17:44   52,352   --a------   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-05-15 18:16 . 2004-08-04 01:07   46,464   --a------   C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2008-05-15 18:16 . 2004-08-04 00:31   20,992   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-15 18:14 . 2008-06-05 20:50   <DIR>   d--------   C:\WINDOWS\system32\CatRoot2
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolní síť
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Oblíbené položky
2008-05-15 18:14 . 2008-05-15 16:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Šablony
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-------   C:\Documents and Settings\Default User\Nabídka Start
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Dokumenty
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Data aplikací
2008-05-15 18:14 . 2008-05-21 16:06   <DIR>   d--------   C:\Documents and Settings\All Users\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\All Users\Oblíbené položky
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\All Users\Šablony
2008-05-15 18:14 . 2008-05-19 17:32   <DIR>   dr-------   C:\Documents and Settings\All Users\Nabídka Start
2008-05-15 18:14 . 2008-05-22 00:13   <DIR>   dr-------   C:\Documents and Settings\All Users\Dokumenty
2008-05-15 18:14 . 2008-06-01 22:11   <DIR>   dr-h-----   C:\Documents and Settings\All Users\Data aplikací
2008-05-15 18:13 . 2008-05-15 16:28   261   --a------   C:\WINDOWS\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:24   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-05-15 14:38   ---------   d-----w   C:\Documents and Settings\Desktop\Data aplikací\Talkback
2008-05-15 14:26   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-29 05:19   9,801,728   ----a-w   C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40   167,936   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05   372,736   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04   299,008   ----a-w   C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56   172,032   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56   126,976   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55   126,976   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54   536,576   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43   3,176,480   ----a-w   C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36   1,765,120   ----a-w   C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24   46,080   ----a-w   C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23   5,439,488   ----a-w   C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21   393,216   ----a-w   C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:12   520,192   ----a-w   C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-05-15 20:33:51 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 21:10:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-05 21:10:54
ComboFix-quarantined-files.txt  2008-06-05 19:10:51
ComboFix2.txt  2008-06-05 18:50:28
ComboFix3.txt  2008-05-31 11:37:13
ComboFix4.txt  2008-05-31 10:49:46

           Adresářů:     6,   Volných bajtů: 27,364,683,776
           Adresářů:     9,   Volných bajtů: 27,356,680,192

187   --- E O F ---   2008-06-02 15:01:33


+ HJT LOG:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:56, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Desktop\Dokumenty\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211211117171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 3272 bytes


So? Is it clean now? And which of those firewalls to go with Avira?

btw: I caught the page it redirected me to, and I think it was http://winanonymous.com or http://winanonymouse.com :)


Deleted user
Posted: 05.06.2008 21:25

ComboFix once more:

Code:
File::
C:\WINDOWS\system32\pthreadGC2.dll


User (topic author)
Posted: 05.06.2008 21:29

Done...

COMBO:
Code:
ComboFix 08-05-29.1 - Desktop 2008-06-05 21:26:45.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1029.18.177 [GMT 2:00]
Running from: C:\Documents and Settings\Desktop\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Desktop\Plocha\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\pthreadGC2.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pthreadGC2.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-05 to 2008-06-05  )))))))))))))))))))))))))))))))
.

2008-06-05 21:06 . 2008-06-05 21:06   <DIR>   d--------   C:\Program Files\CCleaner
2008-06-05 20:15 . 2008-06-05 20:15   <DIR>   d--------   C:\Program Files\TV JOJ Media Player
2008-06-01 22:13 . 2008-06-01 22:13   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-06-01 22:13 . 2008-06-01 22:13   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-06-01 22:11 . 2008-06-01 22:11   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2008-06-01 22:11 . 2008-06-01 22:11   <DIR>   dr-h-----   C:\MSOCache
2008-06-01 22:11 . 2008-06-02 17:01   <DIR>   d--------   C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-05-31 00:57 . 2008-05-31 00:57   98,351   ---h-----   C:\treeinfo.wc
2008-05-30 22:09 . 2008-05-30 22:09   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Thinstall
2008-05-30 21:12 . 2008-05-30 21:12   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a------   C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-05-28 22:36 . 2004-08-03 23:00   22,016   --a--c---   C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-25 22:37 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-24 16:31 . 2008-05-25 15:27   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\DMCache
2008-05-23 00:04 . 2008-05-23 00:04   <DIR>   d--------   C:\Program Files\ffdshow
2008-05-23 00:04 . 2008-05-04 12:28   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-05-23 00:04 . 2008-05-04 12:28   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-05-23 00:04 . 2008-05-04 12:28   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-23 00:04 . 2008-05-04 12:28   6,144   --a------   C:\WINDOWS\system32\ff_acm.acm
2008-05-23 00:04 . 2008-05-04 12:28   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-22 15:56 . 2008-05-22 15:56   <DIR>   d--------   C:\WINDOWS\Sun
2008-05-22 15:55 . 2008-05-22 15:55   <DIR>   d--------   C:\Program Files\Java
2008-05-22 15:55 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-22 15:54 . 2008-05-22 15:54   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-05-22 15:45 . 2008-05-22 15:45   <DIR>   d--------   C:\Program Files\PSPad editor
2008-05-22 15:45 . 2008-05-22 15:45   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\PSpad
2008-05-22 00:13 . 2008-05-22 00:13   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Sports Interactive
2008-05-21 18:30 . 2008-06-02 20:24   187   --a------   C:\WINDOWS\wcx_ftp.ini
2008-05-21 18:22 . 2008-05-21 18:24   <DIR>   d--------   C:\Program Files\totalcmd
2008-05-21 18:22 . 2008-06-02 20:51   2,373   --a------   C:\WINDOWS\wincmd.ini
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\UC.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\RAR.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\LHA.PIF
2008-05-21 18:22 . 2008-04-22 07:03   545   --a------   C:\WINDOWS\ARJ.PIF
2008-05-21 16:08 . 2008-05-21 16:09   <DIR>   d--------   C:\WINDOWS\UbiSoft
2008-05-21 16:06 . 2008-05-21 16:06   <DIR>   d--------   C:\Program Files\D-Tools
2008-05-21 16:06 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-05-21 16:06 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-05-21 16:05 . 2008-05-21 16:05   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-05-20 13:16 . 2008-03-01 15:02   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 13:16 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 13:16 . 2007-03-08 07:09   1,024,000   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 13:16 . 2008-03-01 15:02   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 13:16 . 2008-03-01 15:02   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 13:16 . 2008-03-01 15:02   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 13:16 . 2008-03-01 15:02   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 13:16 . 2008-03-01 15:02   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 13:16 . 2008-02-22 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-20 13:14 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-05-20 13:14 . 2007-07-30 19:18   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 17:54 . 2008-05-20 17:00   <DIR>   d--------   C:\WINDOWS\system32\cs-cz
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a------   C:\WINDOWS\system32\drivers\ac97via.sys
2008-05-19 17:03 . 2004-08-03 22:32   84,480   --a--c---   C:\WINDOWS\system32\dllcache\ac97via.sys
2008-05-19 16:52 . 2008-05-28 13:40   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-05-19 16:42 . 2008-05-19 16:42   <DIR>   d---s----   C:\Documents and Settings\Desktop\UserData
2008-05-19 16:38 . 2008-05-19 16:38   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-05-19 16:38 . 2008-05-19 16:38   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-19 16:38 . 2008-05-19 16:38   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-18 14:03 . 2008-05-18 14:03   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\ATI
2008-05-18 14:03 . 2008-05-18 14:03   <DIR>   d--------   C:\Documents and Settings\All Users\Data aplikací\ATI
2008-05-15 20:37 . 2008-05-15 20:37   <DIR>   d--------   C:\Program Files\Miranda IM
2008-05-15 20:37 . 2008-05-15 20:37   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Miranda
2008-05-15 20:33 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\VIA
2008-05-15 20:33 . 2004-05-18 10:55   74,112   -ra------   C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\Realtek Sound Manager
2008-05-15 20:32 . 2008-05-15 20:32   <DIR>   d--------   C:\Program Files\AvRack
2008-05-15 20:31 . 2008-05-15 20:31   <DIR>   d--------   C:\WINDOWS\OPTIONS
2008-05-15 20:31 . 2004-12-02 10:36   70,912   --a------   C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2008-05-15 20:30 . 2008-05-15 20:30   <DIR>   d--------   C:\Program Files\AMD
2008-05-15 20:30 . 2004-08-11 16:30   39,424   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-15 20:29 . 2008-05-15 20:29   0   --a------   C:\WINDOWS\ativpsrm.bin
2008-05-15 20:27 . 2004-10-05 16:54   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-15 20:14 . 2008-05-15 20:32   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-15 20:14 . 2008-05-15 20:15   <DIR>   d--------   C:\Program Files\ATI Technologies
2008-05-15 20:14 . 2008-03-28 21:05   593,920   --a------   C:\WINDOWS\system32\ati2sgag.exe
2008-05-15 20:13 . 2008-05-15 20:33   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-05-15 20:13 . 2008-05-15 20:13   <DIR>   d--------   C:\ATI
2008-05-15 20:01 . 2008-05-15 20:01   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\TV JOJ Media Player
2008-05-15 19:57 . 2008-06-05 20:38   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\skypePM
2008-05-15 19:57 . 2008-06-05 21:09   <DIR>   d--------   C:\Documents and Settings\Desktop\Data aplikací\Skype
2008-05-15 19:57 . 2008-05-15 19:57   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Skype
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-05-15 19:54 . 2008-05-15 19:54   <DIR>   d--------   C:\Documents and Settings\All Users\Data aplikací\Skype
2008-05-15 18:18 . 2001-08-17 23:59   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2008-05-15 18:16 . 2004-08-17 17:49   75,264   --a------   C:\WINDOWS\system32\usbui.dll
2008-05-15 18:16 . 2004-08-17 17:44   52,352   --a------   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-05-15 18:16 . 2004-08-04 01:07   46,464   --a------   C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2008-05-15 18:16 . 2004-08-04 00:31   20,992   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-15 18:14 . 2008-06-05 20:50   <DIR>   d--------   C:\WINDOWS\system32\CatRoot2
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolní tiskárny
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\Default User\Okolní síť
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Oblíbené položky
2008-05-15 18:14 . 2008-05-15 16:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Šablony
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-------   C:\Documents and Settings\Default User\Nabídka Start
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\Default User\Dokumenty
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Data aplikací
2008-05-15 18:14 . 2008-05-21 16:06   <DIR>   d--------   C:\Documents and Settings\All Users\Plocha
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--------   C:\Documents and Settings\All Users\Oblíbené položky
2008-05-15 18:14 . 2008-05-15 18:14   <DIR>   d--h-----   C:\Documents and Settings\All Users\Šablony
2008-05-15 18:14 . 2008-05-19 17:32   <DIR>   dr-------   C:\Documents and Settings\All Users\Nabídka Start
2008-05-15 18:14 . 2008-05-22 00:13   <DIR>   dr-------   C:\Documents and Settings\All Users\Dokumenty
2008-05-15 18:14 . 2008-06-01 22:11   <DIR>   dr-h-----   C:\Documents and Settings\All Users\Data aplikací
2008-05-15 18:13 . 2008-05-15 16:28   261   --a------   C:\WINDOWS\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 15:24   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-05-15 14:38   ---------   d-----w   C:\Documents and Settings\Desktop\Data aplikací\Talkback
2008-05-15 14:26   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-29 05:19   9,801,728   ----a-w   C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40   167,936   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05   372,736   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04   299,008   ----a-w   C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56   172,032   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56   126,976   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55   126,976   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54   536,576   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43   3,176,480   ----a-w   C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36   1,765,120   ----a-w   C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24   46,080   ----a-w   C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23   5,439,488   ----a-w   C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21   393,216   ----a-w   C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:12   520,192   ----a-w   C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-05-15 20:33:51 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 21:27:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-05 21:27:49
ComboFix-quarantined-files.txt  2008-06-05 19:27:46
ComboFix2.txt  2008-06-05 19:10:54
ComboFix3.txt  2008-06-05 18:50:28
ComboFix4.txt  2008-05-31 11:37:13
ComboFix5.txt  2008-05-31 10:49:46

           Adresářů:     6,   Volných bajtů: 27,547,688,960
           Adresářů:     8,   Volných bajtů: 27,541,618,688

191   --- E O F ---   2008-06-02 15:01:33


HJT:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:28, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Desktop\Dokumenty\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211211117171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 3272 bytes


Everything runs as it should now, nothing pops up, all pages load... Thank you


Deleted user
Posted: 05.06.2008 21:32

install an AV + FW and scan the PC with some antispyware... Avira is excellent and so is Comodo; I haven't had them together yet, so I hope they won't cause problems for each other...


User (Púchov), thread author
Posted: 05.06.2008 21:37

OK, I'm downloading Avira now... thanks a lot :)

_________________
~raZer coppErhEad + raZer ManTiS pro spEEd~
| CPU: AMD Sempron 2500+ Palermo Edition 1,4GHz L1 64kB L2 256kB | GPU: ATi Radeon 9600 Professional 128MB 398/446MHz RV350 |
| RAM: Apacer tech. 256MB PC3200 DDR SDRAM (2.5-4-4-8@200MHz) | MB: GiGABYTE GA-K8VT800 VIA K8T800 Pro | HDD: Hitachi Deskstar 7K250 160GB 7200rpm SATA 8MB cache | DVD: PIONEER DVD-RW DVR-110D | KB: Chicony KB-9810 PS/2 | MS:Razer Copperhead 2000dpi USB | PSP: PlayStation Portable Slim Piano Black 333MHz 64MB RAM + SanDisk Memory 2GB | MT: Sony Ericsson K700i 42MB |
User (ZiLiNa)
Posted: 05.06.2008 23:28

OK, I'd like some advice. I already posted a log here and I also ran it through ComboFix; it worked, but now it doesn't work again. It kept throwing up that WinAnonymous at me and installed it, so I uninstalled it, and now Google won't work in Mozilla: the page loads but it won't search for anything. POKEC doesn't work either, and I can't open some topics on PCFORUM. By the way, I have NOD32 + Ad-Aware and also SpyBot S&D, but that one acts up. Could you advise me? Thanks. Everything works without problems only through IE, and I don't want to browse with that one.. thanks

_________________
every person dies, but not every person truly lives
Deleted user
Posted: 06.06.2008 6:29

Dr.K@k@Bus wrote:
OK, I'd like some advice. I already posted a log here and I also ran it through ComboFix; it worked, but now it doesn't work again. It kept throwing up that WinAnonymous at me and installed it, so I uninstalled it, and now Google won't work in Mozilla: the page loads but it won't search for anything. POKEC doesn't work either, and I can't open some topics on PCFORUM. By the way, I have NOD32 + Ad-Aware and also SpyBot S&D, but that one acts up. Could you advise me? Thanks. Everything works without problems only through IE, and I don't want to browse with that one.. thanks


well, you didn't even let us know what happened and how :D and continue here :)
http://www.pcforum.sk/kontrola-logu-vt39557.html#372003


User (ZiLiNa)
Posted: 06.06.2008 12:38

well, too bad, the link you posted here, my browser won't open it :(

User (ZiLiNa)
Posted: 06.06.2008 12:39

well, too bad, the link you posted here, my browser won't open it :(

Deleted user
Posted: 06.06.2008 12:46

make new logs and paste them here :)


User (ZiLiNa)
Posted: 06.06.2008 13:04

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03, on 2008-06-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\PC\Desktop\installer_sbd_en.exe
O4 - HKLM\..\Run: [54315571] rundll32.exe "C:\WINDOWS\system32\xwelsiwt.dll",b
O4 - HKLM\..\Run: [BM570266ed] Rundll32.exe "C:\WINDOWS\system32\tnjhsucd.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A4735C9C-6626-4386-9B93-2D9B79047AB8} (MediaPlugin Control) - http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8360 bytes

here is the new log

Deleted user
Posted: 06.06.2008 13:13

run ComboFix with this script:

Code:
File::
C:\WINDOWS\system32\xwelsiwt.dll
C:\WINDOWS\system32\tnjhsucd.dll


paste the log here
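
The two files named in the script above appear in the `O4` autostart lines of the HijackThis log posted just before it. The following is an added example, not part of the thread and not code from HijackThis or ComboFix: it parses those lines and shortlists registry Run entries where rundll32 loads a DLL placed directly in system32 under a generated-looking value name. The heuristic, the function names and the one constructed benign line are assumptions for illustration.

```python
import re

# O4 registry autostart line: "O4 - HKLM\..\Run: [ValueName] command"
O4_RUN = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# rundll32 command line: optional quotes, DLL path, comma, export name
RUNDLL = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# Assumed heuristic: value names such as "54315571" or "BM570266ed"
# (up to two letters followed by six or more hex characters, at least one digit).
GENERATED_NAME = re.compile(r'^(?=.*\d)[A-Za-z]{0,2}[0-9a-f]{6,}$')
# DLL placed directly in the system32 directory, not in a vendor subfolder.
IN_SYSTEM32 = re.compile(r'^[a-z]:\\windows\\system32\\[^\\]+$', re.IGNORECASE)

# Excerpt of O4 lines from the log above, plus one constructed benign
# rundll32 entry (NvCplDaemon) that is NOT in the poster's log.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [54315571] rundll32.exe "C:\WINDOWS\system32\xwelsiwt.dll",b
O4 - HKLM\..\Run: [BM570266ed] Rundll32.exe "C:\WINDOWS\system32\tnjhsucd.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
'''


def parse_o4_run(log_text):
    """Return one dict per O4 registry Run/RunOnce line (startup-folder lines are skipped)."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def review_candidates(log_text):
    """Shortlist Run entries that meet all three conditions of the assumed heuristic."""
    candidates = []
    for entry in parse_o4_run(log_text):
        rundll = RUNDLL.match(entry["cmd"])
        if not rundll:
            continue  # started directly from an executable, not via rundll32
        dll = rundll.group("dll")
        if not IN_SYSTEM32.match(dll):
            continue  # DLL lives in a program's own folder
        if not GENERATED_NAME.match(entry["name"]):
            continue  # value name looks like a product name
        candidates.append({
            "hive": entry["hive"],
            "key": entry["key"],
            "name": entry["name"],
            "dll": dll,
            "export": rundll.group("export"),
        })
    return candidates


def cfscript(candidates):
    """Render the shortlisted files in the File:: layout used in the reply above."""
    return "\n".join(["File::"] + [c["dll"] for c in candidates])


if __name__ == "__main__":
    found = review_candidates(SAMPLE_LOG)
    for c in found:
        print(f'{c["hive"]}\\..\\{c["key"]} [{c["name"]}] -> {c["dll"]} (export {c["export"]})')
    print(cfscript(found))
```

The output is a shortlist for a helper to confirm before anything is deleted; the constructed NvCplDaemon line shows that a rundll32 autostart on its own is not flagged.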

