OK, so here is the LOG from mam.txt
Pozri (rb) c:
=================================
4:13.10.2007 10:45 54 mam.txt
5:13.10.2007 10:45 1˙395 zistim.bat
6:12.10.2007 23:40 157 CFScript_used_2007-10-12@23.43.txt
7:11.10.2007 22:49 1˙522˙185 ComboFix.exe
8:11.10.2007 22:47 7˙552 avatar_120_galactica_146.jpg
9:11.10.2007 21:37 525 Odkaz na WoW.lnk
10:11.10.2007 21:30 482 HAHA nejde.lnk
11:11.10.2007 19:31 130˙048 avenger.exe
12:11.10.2007 18:46 5˙632 Thumbs.db
13:11.10.2007 18:27 96˙978 VirtumundoBeGone.exe
14:11.10.2007 18:27 116˙224 VundoFix.exe
15:11.10.2007 16:16 1˙734 HijackThis.lnk
16:05.10.2007 17:09 715 Odkaz na Transformers.lnk
17:04.10.2007 14:15 38˙400 tutulutu.doc
18:29.09.2007 23:11 933 Spybot - Search & Destroy.lnk
19:17.09.2007 19:04 2˙559 Microsoft Word.lnk
20:16.09.2007 23:22 745 Odkaz na iexplore.lnk
21:14.09.2007 22:26 583 Odkaz na mirc.lnk
22:07.09.2007 17:57 593 Odkaz na WPE PRO.lnk
23:01.09.2007 23:21 622 Cheat Engine.lnk
24:20.08.2007 22:40 41˙472 omfgg.doc
25:20.08.2007 22:37 72˙704 omfg.doc
26:05.08.2007 14:24 582 ZipX.lnk
27:28.07.2007 22:05 607 Odkaz na speed.lnk
28:28.07.2007 15:58 579 Odkaz na nfsc.lnk
29:07.07.2007 17:28 759 YouTube Downloader.lnk
30:07.07.2007 14:28 159˙232 Zoznam Filmov.doc
31:25.06.2007 15:53 840 Navicat MySQL.lnk
32:24.06.2007 18:24 1˙607 Counter-Strike Source.lnk
33:24.06.2007 18:24 1˙607 Half-Life 2.lnk
34:24.06.2007 18:01 559 Steam.lnk
35:17.06.2007 20:57 91˙136 Moderný životný štýl.doc
36:15.06.2007 23:27 783 WC3Banlist.lnk
37:15.06.2007 14:04 775 BSplayer.lnk
38:15.06.2007 13:13 529 Odkaz na w3l.lnk
39:14.06.2007 23:31 848 Odkaz na Photoshop.lnk
40:14.06.2007 20:07 592 Opera.lnk
41:14.06.2007 18:31 548 Total Commander.lnk
42:14.06.2007 16:21 335 Odkaz na Moje dokumenty.lnk
43:14.06.2007 16:21 104 Odkaz na Tento počítač.lnk
44:12.06.2007 23:03 2˙052 Microsoft Excel.lnk
45:20.11.2006 15:46 909˙312 MPQEditor.exe
Skryte schovane priamo na c: (rb)
=================================
Zväzok v jednotke C nemá žiadnu menovku.
Sériové číslo zväzku je 647A-3D47
Výpis adresára c:\
11.10.2007 15:23 <DIR> $VAULT$.AVG
12.06.2007 22:20 211 boot.ini
10.10.2007 23:03 <DIR> Config.Msi
12.06.2007 22:26 0 IO.SYS
12.06.2007 22:26 0 MSDOS.SYS
03.08.2004 23:38 47˙564 NTDETECT.COM
03.08.2004 23:59 250˙032 ntldr
01.01.2003 00:01 1˙610˙612˙736 pagefile.sys
14.06.2007 20:10 <DIR> RECYCLER
13.06.2007 00:01 <DIR> System Volume Information
6 súborov, 1˙610˙910˙543 bajtov
4 adresárov, 58˙811˙215˙872 voľných bajtov
Pozri C:\WINDOWS co nove
=================================
4:13.10.2007 10:39 1˙921˙494 WindowsUpdate.log
5:13.10.2007 00:46 32˙592 SchedLgU.Txt
6:13.10.2007 00:02 3˙160 wincmd.ini
7:13.10.2007 00:02 407 wcx_ftp.ini
8:12.10.2007 22:59 411 wiadebug.log
9:11.10.2007 22:42 52 wiaservc.log
10:11.10.2007 22:04 846˙769 setupapi.log
11:11.10.2007 19:08 91˙394 ntbtlog.txt
12:11.10.2007 14:07 116 NeroDigital.ini
13:10.10.2007 21:24 737˙280 iun6002.exe
14:10.10.2007 20:02 738˙751 iis6.log
15:10.10.2007 20:02 227˙958 comsetup.log
16:10.10.2007 20:02 136˙220 ntdtcsetup.log
17:10.10.2007 20:02 300˙750 tsoc.log
18:10.10.2007 20:02 33˙285 tabletoc.log
19:10.10.2007 20:02 1˙393 imsins.log
20:10.10.2007 20:02 35˙769 ocmsn.log
21:10.10.2007 20:02 3˙810 KB906569.log
22:10.10.2007 20:01 114˙339 netfxocm.log
23:10.10.2007 20:01 315˙080 ocgen.log
24:10.10.2007 20:01 45˙262 MedCtrOC.log
25:10.10.2007 20:01 32˙698 msgsocm.log
26:10.10.2007 20:01 648˙370 FaxSetup.log
27:10.10.2007 20:01 205˙630 msmqinst.log
28:10.10.2007 14:57 13˙873 KB933729.log
29:10.10.2007 14:57 1˙393 imsins.BAK
30:10.10.2007 14:57 65˙759 updspapi.log
31:10.10.2007 14:56 23˙306 KB939653-IE7.log
32:10.10.2007 14:55 10˙315 KB941202.log
33:09.10.2007 02:32 95 wininit.ini
34:06.10.2007 15:20 337 WPE PRO.INI
35:06.10.2007 15:20 30 HexEditor_FindList.hed
36:05.10.2007 11:06 60˙416 ALCFDRTM.VER
37:30.09.2007 17:35 32 go
38:30.09.2007 17:28 32 hip
39:28.09.2007 19:06 23˙398 KB937143-IE7.log
40:28.09.2007 19:04 11˙799 KB938127-IE7.log
Pozri C:\WINDOWS\system32
=================================
4:13.10.2007 10:39 468˙802 perfh009.dat
5:13.10.2007 10:39 91˙564 perfc009.dat
6:13.10.2007 10:39 3˙464 PerfStringBackup.INI
7:11.10.2007 19:08 999 ppqss.ini
8:10.10.2007 22:00 138˙893 nvapps.xml
9:10.10.2007 21:15 664 d3d9caps.dat
10:07.10.2007 13:42 2˙574 rlnuacdr.ini
11:05.10.2007 10:07 279˙552 swreg.exe
12:01.10.2007 10:37 97 mcrh.tmp
13:30.09.2007 19:17 4˙647 jupdate-1.6.0_02-b06.log
14:30.09.2007 11:24 694˙501 gfuamqro.ini
15:29.09.2007 18:31 694˙081 dfgamdax.ini
16:29.09.2007 12:47 4˙212 zllictbl.dat
17:28.09.2007 18:27 693˙772 vhbbutox.ini
18:28.09.2007 13:32 16˙832 amcompat.tlb
19:28.09.2007 13:32 23˙392 nscompat.tlb
20:28.09.2007 07:19 18˙089˙592 MRT.exe
21:27.09.2007 19:34 249˙988 TZLog.log
22:27.09.2007 13:49 693˙421 sxpnfppd.ini
23:26.09.2007 19:30 694˙921 ldvsmwse.ini
24:26.09.2007 10:52 694˙741 hgblbeqy.ini
25:23.09.2007 20:21 693˙712 mkrcfrpc.ini
26:21.09.2007 12:55 221˙632 FNTCACHE.DAT
27:17.09.2007 01:24 356˙352 nvugart.exe
28:17.09.2007 01:24 356˙352 nvuide.exe
29:17.09.2007 01:24 356˙352 NVUNINST.EXE
30:17.09.2007 01:24 356˙352 nvusmb.exe
31:17.09.2007 01:07 413˙696 nvcpl.cpl
32:17.09.2007 01:07 8˙491˙008 nvcpl.dll
33:17.09.2007 01:07 753˙664 nvcplui.exe
34:17.09.2007 01:07 17˙525 nvdisp.nvu
35:17.09.2007 01:07 45˙056 nvmccsrs.dll
36:17.09.2007 01:07 1˙339˙392 nvdspsch.exe
37:17.09.2007 01:07 307˙200 nvexpbar.dll
38:17.09.2007 01:07 3˙334˙144 nvgames.dll
39:17.09.2007 01:07 147˙456 nvcolor.exe
40:17.09.2007 01:07 425˙984 keystone.exe
co s tym setup.exe (rb)
===============
Log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:06, on 13.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vokr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.sk/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2417317-2635-4552-B035-BDF6F7975EC4}: NameServer = 193.58.193.11,195.12.128.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 6896 bytes