Request for help with disinfection - Hijack and wmav check
Posted: 23.06.2008 10:20

Hello,
my computer is infected and my attempts to clean it have come to nothing, please help.
Thank you.

MWAV:
Soubor C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc1.msi//data0000.cab/is201964.exe//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc11\utils\Exam.exe je infikovaný virem Trojan.Win32.Shutdowner.is !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc2.msi//data0000.cab/is200053.exe//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc3.exe//data0000.cab/is154979.exe je infikovaný virem Backdoor.Win32.Poison.cpb !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc4.exe//data0000.cab/is202201.exe//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\De3\dap74cz.exe//UPX indentifikován jako "not-a-virus:AdWare.Win32.EShoper.k". Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\De3\dap74cz.rar/dap74cz.exe//UPX indentifikován jako "not-a-virus:AdWare.Win32.EShoper.k". Provedené akce: Ponecháno, neodstraněno!.


Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:18 AM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\SYSTEM32\Ati2evxx.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\mHotkey.exe
C:\Program Files\Eset\nod32kui.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: InlineSearchHandleHotKeys Class - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\windows\system32\drivers\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 10498 bytes


Deleted user
Posted: 23.06.2008 10:39

Hi, run ComboFix according to the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html
and paste this text into the script:

Code:
File::
C:\spywarebegone\SpywareBeGone.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc1.msi//data0000.cab/is201964.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc11\utils\Exam.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc2.msi//data0000.cab/is200053.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc3.exe//data0000.cab/is154979.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc4.exe//data0000.cab/is202201.exe
E:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\De3\dap74cz.exe
E:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\De3\dap74cz.rar/dap74cz.exe

Folder::
C:\spywarebegone


When the scan finishes, paste the ComboFix log here.


Topic author
Posted: 23.06.2008 13:05

While ComboFix was running it gave the message:
Do not run any programs until ComboFix has finished .
Sorry, but I don't know where I have any log into which I should paste the files you sent.
I'm sending you the txt output:
ComboFix 08-06-20.4 - pistabaci 2008-06-23 12:36:25.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.214 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\BulletProofSoft.com\
C:\Program Files\ClientMan\
C:\Program Files\Common Files\cpush\
C:\Program Files\Common Files\drivecleaner free\
C:\Program Files\Common Files\KeenValue\
C:\Program Files\Common Files\sogou pxp\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\
.
---- Previous Run -------
.
C:\Documents and Settings\pistabaci\Local Settings\Data aplikací\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\BulletProofSoft.com\
C:\Program Files\ClientMan\
C:\Program Files\Common Files\cpush\
C:\Program Files\Common Files\drivecleaner free\
C:\Program Files\Common Files\KeenValue\
C:\Program Files\Common Files\sogou pxp\
C:\Program Files\Common Files\WinSoftware\
C:\Program Files\CSBB\
C:\Program Files\data19
C:\Program Files\dialers\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\msvrc20.dll
C:\windows\regedit.com
C:\windows\system32\avload32.dll
C:\windows\system32\axdebugl.dll
C:\windows\system32\bt848rom.dll
C:\windows\system32\cdscsix3.dll
C:\WINDOWS\system32\CJRsvyxx.ini
C:\WINDOWS\system32\CJRsvyxx.ini2
C:\windows\system32\ddirectz.dll
C:\windows\system32\directpt.dll
C:\windows\system32\directut.dll
C:\windows\system32\Dll.dll
C:\windows\system32\docent0.dll
C:\windows\system32\docent2.dll
C:\windows\system32\dvd4free.dll
C:\windows\system32\emldvc.dll
C:\WINDOWS\system32\EMnTuBeg.ini2
C:\windows\system32\extfpu.dll
C:\windows\system32\extxerox.dll
C:\windows\system32\flashdrvr.dll
C:\windows\system32\gatexkey.dll
C:\windows\system32\gdiwxp.dll
C:\windows\system32\gdwxp3.dll
C:\windows\system32\hpprintx.dll
C:\windows\system32\ideusr50.dll
C:\windows\system32\ies4dll.dll
C:\windows\system32\iesdl4l.dll
C:\WINDOWS\system32\IkUvyccf.ini2
C:\windows\system32\logon16x.dll
C:\windows\system32\lsd_f3.dll
C:\windows\system32\mcfCC4.dll
C:\windows\system32\mcfG7A.dll
C:\windows\system32\mdfpro.dll
C:\windows\system32\mmxeroxk.dll
C:\windows\system32\MSplg7.dll
C:\windows\system32\mTEhgMoq.ini
C:\WINDOWS\system32\mTEhgMoq.ini2
C:\windows\system32\nclabydll.dll
C:\windows\system32\nkunpack.dll
C:\windows\system32\nuclabdll.dll
C:\windows\system32\obbn13t.dll
C:\windows\system32\openglss.dll
C:\windows\system32\opVuCcfe.ini
C:\WINDOWS\system32\opVuCcfe.ini2
C:\windows\system32\printpnp.dll
C:\windows\system32\prw76sks.sys
C:\windows\system32\prwsks.dll
C:\windows\system32\psksds.dll
C:\windows\system32\rdrVR2.dll
C:\windows\system32\rsdapi.dll
C:\windows\system32\satau320.dll
C:\windows\system32\satdll.dll
C:\windows\system32\satmmc.dll
C:\windows\system32\sdcard98.dll
C:\windows\system32\se500mdm.dll
C:\windows\system32\se633mxx.dll
C:\windows\system32\sks2drvr.sys
C:\windows\system32\sksdll.dll
C:\windows\system32\taskmgr.com
C:\windows\system32\tcpG4T.dll
C:\windows\system32\tcpGDC.dll
C:\windows\system32\tcpwrk.dll
C:\windows\system32\wincom32.sys
C:\windows\system32\wndtx1.dll
C:\windows\system32\xcdmfree.dll
C:\windows\system32\zopenssl.dll
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MICROSOFT_LOADING_SERVICE


((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-23 06:34 . 2008-06-23 06:35 <DIR> d-------- C:\Program Files\MZ U.T
2008-06-22 22:05 . 2008-06-22 22:05 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-06-22 22:05 . 2008-06-22 22:05 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-06-22 22:05 . 2008-06-22 22:05 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-06-22 22:05 . 2008-06-22 22:05 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-06-22 22:05 . 2008-06-22 22:05 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-06-22 22:02 . 2008-06-22 22:42 26 --a------ C:\WINDOWS\Lic.xxx
2008-06-22 12:05 . 2008-06-22 12:05 <DIR> d-------- C:\WINDOWS\PC Digital Safe
2008-06-22 11:54 . 2008-06-22 11:54 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-06-22 10:30 . 2008-06-22 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-22 04:28 . 2008-06-22 06:24 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-21 07:00 . 2008-06-21 07:00 <DIR> d-------- C:\Program Files\Avira
2008-06-21 06:48 . 2008-06-21 06:48 <DIR> d-------- C:\Downloads
2008-06-21 06:09 . 2008-06-21 09:57 <DIR> d-------- C:\Documents and Settings\pistabaci\DoctorWeb
2008-06-21 01:05 . 2008-06-21 01:05 <DIR> d-------- C:\Program Files\Crawler
2008-06-20 23:20 . 2008-06-22 10:31 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-20 19:29 . 2008-06-20 19:29 274 -r-h----- C:\Program Files\pcprivacysoftware.com
2008-06-20 19:29 . 2008-06-20 19:29 274 -r-h----- C:\Program Files\malwarewipe.com
2008-06-20 19:29 . 2008-06-20 19:29 274 -r-h----- C:\Program Files\malwaresweeper.com
2008-06-20 19:29 . 2008-06-20 19:29 274 -r-h----- C:\Program Files\bulletproofsoft.com
2008-06-20 19:29 . 2008-06-20 19:29 274 -r-h----- C:\Program Files\adwareremovergold.com
2008-06-20 19:29 . 2008-06-20 19:29 242 -r-h----- C:\Program Files\vcom
2008-06-20 19:29 . 2008-06-20 19:29 242 -r-h----- C:\Program Files\scom
2008-06-20 19:29 . 2008-06-20 19:29 238 -r-h----- C:\Program Files\tbonbin
2008-06-20 19:29 . 2008-06-20 19:29 228 -r-h----- C:\Program Files\gator.com
2008-06-20 19:29 . 2008-06-20 19:29 222 -r-h----- C:\Program Files\hpdll
2008-06-19 00:31 . 2008-06-18 20:32 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-06-18 23:43 . 2008-06-23 12:25 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-18 23:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-18 23:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-18 23:43 . 2008-06-19 05:36 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-18 23:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-18 09:08 . 2008-06-18 09:08 <DIR> dr-hs---- C:\winstall.exe
2008-06-18 06:27 . 2008-06-18 06:45 <DIR> d-------- C:\Program Files\Rapidown
2008-06-17 10:13 . 2008-06-17 10:13 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-06-17 10:12 . 2008-06-17 10:20 <DIR> d-------- C:\Program Files\Zoom Player
2008-06-17 10:06 . 2008-06-17 10:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 10:06 . 2008-06-17 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-17 05:20 . 2008-06-22 16:40 <DIR> d-------- C:\Program Files\Malware Immunizer
2008-06-16 18:08 . 2008-06-16 18:08 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-16 18:08 . 2008-06-16 18:08 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-16 07:28 . 2008-06-16 07:28 <DIR> d-------- C:\Program Files\GRETECH
2008-06-14 19:57 . 2008-06-14 19:57 2,560 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-14 19:57 . 2008-06-14 19:57 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-14 17:19 . 2008-06-14 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-12 14:13 . 2008-06-13 05:45 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-11 09:11 . 2008-06-14 19:23 <DIR> d-------- C:\Program Files\abcAVI
2008-06-09 20:46 . 2008-06-16 12:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 10:44 . 2008-03-26 11:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-08 10:43 . 2008-06-08 10:43 <DIR> d-------- C:\Intel
2008-06-04 21:19 . 2008-06-08 06:33 526 --a------ C:\WINDOWS\ATICIM.INI
2008-06-04 20:00 . 2008-06-04 20:00 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 09:39 . 2008-05-31 09:39 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-26 18:42 . 2008-05-26 18:42 <DIR> d-------- C:\Program Files\Realtek AC97
2008-05-23 05:38 . 2008-05-23 05:38 <DIR> d-------- C:\dvbapp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 05:25 --------- d-----w C:\Program Files\Desktop Maestro
2008-06-22 14:19 --------- d-----w C:\Program Files\ApexDC++
2008-06-22 09:16 232 ---h--r C:\Program Files\Common Files\wintools
2008-06-22 09:16 232 ---h--r C:\Program Files\Common Files\winfixer 2006
2008-06-22 09:16 226 ---h--r C:\Program Files\Common Files\whenu
2008-06-21 01:42 --------- d-----w C:\Program Files\FlashFXP
2008-06-19 03:48 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-06-18 22:20 724,992 -c--a-w C:\windows\iun6002.exe
2008-06-18 18:00 --------- d-----w C:\Program Files\WhatsRunning
2008-06-18 07:09 248 ---h--r C:\Program Files\Common Files\eacceleration
2008-06-18 07:09 240 ---h--r C:\Program Files\Common Files\drivecleaner free
2008-06-18 07:09 236 ---h--r C:\Program Files\Common Files\nsis
2008-06-18 07:09 234 ---h--r C:\Program Files\Common Files\updmgr
2008-06-18 07:09 234 ---h--r C:\Program Files\Common Files\updater
2008-06-18 07:09 234 ---h--r C:\Program Files\Common Files\keenvalue
2008-06-18 07:09 232 ---h--r C:\Program Files\Common Files\wqzq
2008-06-18 07:09 230 ---h--r C:\Program Files\Common Files\msiets
2008-06-18 07:09 230 ---h--r C:\Program Files\Common Files\btlink
2008-06-18 07:09 226 ---h--r C:\Program Files\Common Files\ucontrol
2008-06-18 07:09 226 ---h--r C:\Program Files\Common Files\sogou pxp
2008-06-18 07:09 226 ---h--r C:\Program Files\Common Files\cpush
2008-06-18 07:08 246 ---h--r C:\Program Files\Common Files\betterinternet
2008-06-18 07:08 236 ---h--r C:\Program Files\Common Files\psd tools
2008-06-18 07:08 228 ---h--r C:\Program Files\Common Files\gmt
2008-06-18 07:08 228 ---h--r C:\Program Files\Common Files\cmeii
2008-06-18 04:16 --------- d-----w C:\Program Files\Ant Movie Catalog
2008-06-17 16:09 --------- d-----w C:\Program Files\Revo Uninstaller
2008-06-16 11:18 --------- d-----w C:\Program Files\Privacy Guardian
2008-06-16 05:19 --------- d-----w C:\Program Files\Google
2008-06-14 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:05 --------- d-----w C:\Program Files\Opera
2008-06-10 04:12 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-06-04 19:54 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-06-04 19:04 --------- d-----w C:\Program Files\IsoBuster
2008-06-04 06:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 07:40 --------- d-----w C:\Program Files\Unlocker
2008-05-31 07:40 --------- d-----w C:\Program Files\CCleaner
2008-05-27 16:14 --------- d-----w C:\Program Files\uTorrent
2008-05-24 19:02 --------- d-----w C:\Program Files\MGrab
2008-05-22 08:06 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 08:01 --------- d-----w C:\Program Files\SpeedFan(2)
2008-05-20 17:21 --------- d-----w C:\Program Files\IEPro
2008-05-20 09:20 --------- d-----w C:\Program Files\Lingea
2008-05-19 13:50 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-16 14:34 --------- d-----w C:\Program Files\Glary Utilities
2008-05-15 04:51 --------- d-----w C:\Program Files\Malware Blocker
2008-05-14 08:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-12 13:23 --------- d-----w C:\Program Files\Common Files\Moonlight
2008-05-12 12:16 --------- d-----w C:\Program Files\Common Files\DBOXII
2008-05-12 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:07 --------- d-----w C:\Program Files\Moonlight Cordless
2008-05-12 07:43 --------- d-----w C:\Program Files\VideoInspector
2008-05-08 12:28 202,752 ----a-w C:\windows\system32\drivers\rmcast.sys
2008-05-05 18:46 27,048 ----a-w C:\windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\windows\system32\drivers\mbam.sys
2008-05-04 09:48 --------- d-----w C:\Program Files\IObit
2008-05-03 11:55 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-02 04:53 --------- d-----w C:\Program Files\Foxit Software
2008-05-01 07:54 --------- d-----w C:\Program Files\xp-AntiSpy
2008-04-30 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 04:44 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-04-27 14:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-27 14:45 --------- d-----w C:\Program Files\Ahead
2008-04-27 14:44 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-27 11:56 --------- d-----w C:\Program Files\QuickTime
2008-04-27 05:46 --------- d-----w C:\Program Files\P2P_Torrent
2008-04-25 05:24 --------- d-----w C:\Program Files\NgrabLite
2008-04-24 22:52 51,520 -c--a-w C:\windows\system32\drivers\TfFsMon.sys
2008-04-24 22:52 38,208 -c--a-w C:\windows\system32\drivers\TfSysMon.sys
2008-04-24 22:52 33,088 -c--a-w C:\windows\system32\drivers\TfNetMon.sys
2008-04-24 22:52 12,608 -c--a-w C:\windows\system32\drivers\TfKbMon.sys
2008-04-24 18:03 --------- d-----w C:\Program Files\SubFind
2008-04-23 04:16 826,368 ----a-w C:\windows\system32\wininet.dll
2008-04-14 19:03 8,192 ----a-w C:\ntuser.dat
2008-03-31 21:25 682,496 ----a-w C:\windows\system32\divx.dll
2008-03-29 05:19 9,801,728 -c--a-w C:\windows\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\windows\system32\atiok3x2.dll
2008-03-29 04:05 372,736 -c--a-w C:\windows\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\windows\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\windows\system32\atipdlxx.dll
2008-03-29 03:56 126,976 -c--a-w C:\windows\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\windows\system32\ati2edxx.dll
2008-03-29 03:55 26,112 -c--a-w C:\windows\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\windows\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\windows\system32\ati2evxx.exe
2008-03-29 03:52 53,248 -c--a-w C:\windows\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\windows\system32\ati3duag.dll
2008-03-29 03:39 307,200 -c--a-w C:\windows\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\windows\system32\ativvaxx.dll
2008-03-29 03:24 46,080 -c--a-w C:\windows\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 -c--a-w C:\windows\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\windows\system32\atikvmag.dll
2008-03-29 03:19 17,408 -c--a-w C:\windows\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\windows\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ----a-w C:\windows\system32\ati2sgag.exe
2008-03-28 17:41 7,680 ----a-w C:\windows\system32\ff_vfw.dll
2008-03-25 09:39 270,336 ----a-w C:\windows\system32\imon.dll
2008-03-24 20:39 45,568 -c--a-w C:\windows\system32\avgfwdx.dll
2008-01-21 08:34 131,584 -c--a-w C:\Documents and Settings\pistabaci\ClamAVServer.dll
2005-01-28 14:15 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2004-08-17 13:49 60,416 -csha-w C:\windows\ServicePackFiles\i386\msimn.exe
2006-09-10 09:08 56 -csha-r C:\windows\system32\40DD2715A3.sys
2006-05-03 09:06 163,328 -csha-r C:\windows\system32\flvDX.dll
2007-12-23 15:57 848 -csha-w C:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 -csha-r C:\windows\system32\msfDX.dll
2008-03-15 15:58 32,768 -csha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-09 13:03 1524248 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-09 13:03 1524248]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= C:\Program Files\The_Pirate_Bay\tbThe_.dll [2008-04-09 13:03 1524248]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"Spyware Begone"="C:\spywarebegone\SpywareBeGone.exe" [2006-12-07 09:20 3712512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 11:39 917504]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys [2008-04-25 00:52]
R0 TfSysMon;TfSysMon;C:\windows\system32\drivers\TfSysMon.sys [2008-04-25 00:52]
R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-04-26 10:21]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" [2008-03-07 12:00]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 21:54]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 Avgfwdx;Avgfwdx;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 kvpndev;Kerio VPN adapter;C:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PLFF;USB Flash Disk Driver;C:\windows\system32\Drivers\PLFF.sys [2003-10-06 11:29]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 16:21]
S3 TfNetMon;TfNetMon;C:\windows\system32\drivers\TfNetMon.sys [2008-04-25 00:52]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 14:38]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 15:17:11 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-16 14:30:01 C:\windows\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-06-22 18:00:03 C:\windows\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro
"2008-06-23 09:56:05 C:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-23 10:49:09 C:\windows\Tasks\EasyShare Registration RunOnce Task.job"
- C:\windows\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\DATAAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOfferSilence@16
"2008-06-23 10:49:11 C:\windows\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-06-15 11:28:07 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 07:37:23 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 11:16:04 C:\windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-15 07:01:47 C:\windows\Tasks\Úklid 1 kliknutím.job"

Hopefully you will be able to advise me what to do next.
Thanks
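The "Reg Loading Points" part of the ComboFix log above is where the security-relevant state of this machine is visible: Security Center monitoring switched off, the Windows Firewall disabled, a list of firewall exceptions, and Run entries pointing outside the usual program directories. As an added example (not code from this thread and not part of ComboFix), the following Python script parses that REGEDIT4-style section and flags exactly those findings. The sample dump embedded in the script is constructed to mirror the format of the log in this thread; the trusted-directory prefixes and the finding wording are this example's own choices.

```python
"""Triage of a ComboFix-style 'Reg Loading Points' dump (added example).

Parses the REGEDIT4-like section ComboFix prints and flags settings a
defender looks at first: Security Center monitoring turned off, Windows
Firewall turned off, firewall exceptions, and Run entries outside the
usual program directories.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the log format seen in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"Spyware Begone"="C:\spywarebegone\SpywareBeGone.exe" [2006-12-07 09:20 3712512]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# Assumption of this example: autoruns under these prefixes are unremarkable on XP.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_reg_points(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {key_path: [(value_name, raw_data), ...]} from a REGEDIT4-style dump."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            sections.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current].append((value.group(1), value.group(2).strip()))
    return sections


def is_nonzero(raw: str) -> bool:
    """True when raw encodes a non-zero number, e.g. 'dword:00000001' or '1 (0x1)'."""
    m = re.match(r"(?:dword:)?([0-9a-fA-F]+)", raw)
    if not m:
        return False
    base = 16 if raw.lower().startswith("dword:") else 10
    return int(m.group(1), base) != 0


def quoted_path(raw: str) -> str:
    """Extract the quoted executable path from data like '"C:\\x.exe" [date size]'."""
    m = re.match(r'"([^"]+)"', raw)
    return m.group(1) if m else raw


def triage(sections: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """Produce human-readable findings; order follows the dump."""
    findings: List[str] = []
    for key, values in sections.items():
        k = key.lower()
        for name, raw in values:
            n = name.lower()
            if "security center" in k and n == "disablemonitoring" and is_nonzero(raw):
                findings.append(f"Security Center monitoring disabled: [{key}]")
            elif "firewallpolicy" in k and n == "enablefirewall" and not is_nonzero(raw):
                findings.append(f"Windows Firewall disabled: [{key}]")
            elif "authorizedapplications" in k:
                # REGEDIT4 doubles backslashes inside quoted value names.
                findings.append(f"Firewall exception: {name.replace(chr(92) * 2, chr(92))}")
            elif k.endswith("\\run"):
                path = quoted_path(raw)
                if not path.lower().startswith(TRUSTED_PREFIXES):
                    findings.append(f"Autorun outside trusted dirs: {name} -> {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_reg_points(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports the SpywareBeGone autorun, both DisableMonitoring entries, the disabled firewall profile and the uTorrent exception; a real log is triaged by passing its "Reg Loading Points" text to parse_reg_points instead of SAMPLE_LOG.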


User
Registered: 03.04.08
Last seen: 10.12.19
Posts: 4667
Topics: 37
Location: Trnava
Posted: 23.06.2008 13:15

That message meant that you should not run anything ... and you have to wait; afterwards it shows you the log and also the path to it.







_________________
Hmmm .... Hrošíček ... [Homer]
User
Registered: 20.11.06
Last seen: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by topic author: 23.06.2008 14:11

After that I got another message: the system cannot find the specified file, and it does not process the log; something is wrong somewhere...


Deleted user
Posted: 23.06.2008 14:24

Turn off your resident antivirus and all other AV you currently have running, put this into the script as before... and post the log here again.

Code:
KillAll::

File::
C:\WINDOWS\Lic.xxx
C:\Program Files\pcprivacysoftware.com
C:\Program Files\malwarewipe.com
C:\Program Files\malwaresweeper.com
C:\Program Files\bulletproofsoft.com
C:\Program Files\adwareremovergold.com
C:\Program Files\gator.com
C:\Program Files\tbonbin
C:\Program Files\scom
C:\Program Files\vcom
C:\WINDOWS\ativpsrm.bin
C:\Program Files\Common Files\wintools
C:\WINDOWS\iun6002.exe
C:\windows\system32\40DD2715A3.sys

Folder::
C:\Program Files\MZ U.T
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\Speeditup Free
C:\winstall.exe
C:\Program Files\Malware Immunizer
C:\Program Files\Common Files\WinTools
C:\Program Files\Common Files\winfixer 2006
C:\Program Files\Common Files\whenu
C:\Program Files\Common Files\eacceleration
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\nsis
C:\Program Files\Common Files\updmgr
C:\Program Files\Common Files\updater
C:\Program Files\Common Files\keenvalue
C:\Program Files\Common Files\wqzq
C:\Program Files\Common Files\msiets
C:\Program Files\Common Files\btlink
C:\Program Files\Common Files\ucontrol
C:\Program Files\Common Files\sogou pxp
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\betterinternet
C:\Program Files\Common Files\psd tools
C:\Program Files\Common Files\gmt
C:\Program Files\Common Files\cmeii

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Begone"=-




After the scan finishes, paste the ComboFix log here.


User
Registered: 20.11.06
Last seen: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by topic author: 23.06.2008 14:31

Sorry, but I don't know what a script is, and it does not process the log for me; if you can, contact me via ICQ: 490145926.
Thank you


Deleted user
Posted: 23.06.2008 14:38

Turn off your resident antivirus and all other AV you currently have running.

Then copy the posted code into Notepad, save it on the desktop as CFScript.txt and drag it onto the ComboFix icon.


Code:
KillAll::

File::
C:\WINDOWS\Lic.xxx
C:\Program Files\pcprivacysoftware.com
C:\Program Files\malwarewipe.com
C:\Program Files\malwaresweeper.com
C:\Program Files\bulletproofsoft.com
C:\Program Files\adwareremovergold.com
C:\Program Files\gator.com
C:\Program Files\tbonbin
C:\Program Files\scom
C:\Program Files\vcom
C:\WINDOWS\ativpsrm.bin
C:\Program Files\Common Files\wintools
C:\WINDOWS\iun6002.exe
C:\windows\system32\40DD2715A3.sys
C:\spywarebegone\SpywareBeGone.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc1.msi//data0000.cab/is201964.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc11\utils\Exam.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc2.msi//data0000.cab/is200053.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc3.exe//data0000.cab/is154979.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc4.exe//data0000.cab/is202201.exe
E:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\De3\dap74cz.exe
E:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\De3\dap74cz.rar/dap74cz.exe

Folder::
C:\spywarebegone
C:\Program Files\MZ U.T
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\Speeditup Free
C:\winstall.exe
C:\Program Files\Malware Immunizer
C:\Program Files\Common Files\WinTools
C:\Program Files\Common Files\winfixer 2006
C:\Program Files\Common Files\whenu
C:\Program Files\Common Files\eacceleration
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\nsis
C:\Program Files\Common Files\updmgr
C:\Program Files\Common Files\updater
C:\Program Files\Common Files\keenvalue
C:\Program Files\Common Files\wqzq
C:\Program Files\Common Files\msiets
C:\Program Files\Common Files\btlink
C:\Program Files\Common Files\ucontrol
C:\Program Files\Common Files\sogou pxp
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\betterinternet
C:\Program Files\Common Files\psd tools
C:\Program Files\Common Files\gmt
C:\Program Files\Common Files\cmeii

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Begone"=-


After it finishes, the log pops up again; paste it here.


User
Registered: 20.11.06
Last seen: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by topic author: 23.06.2008 21:32

Unfortunately, at the C:\Find3M screen it still prints "Systém nemuže nalézt uvedený soubor" and after a while the screen disappears without creating the log.


Deleted user
Posted: 23.06.2008 21:47

Do it in Safe Mode.


User
Registered: 20.11.06
Last seen: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by topic author: 24.06.2008 9:11

Now I have really broken something, because my screen and the system fell apart ("Active Desktop ....."), so I'm glad there was at least one System Restore point and I'm still alive. I'm done with ComboFix; it is probably only for more experienced users.... How do I get rid of it from the computer?

:shit:


User
Registered: 20.11.06
Last seen: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by topic author: 24.06.2008 20:59

After half a day my fear passed and I ran ComboFix in Safe Mode.

I'm attaching the output from ComboFix.txt:

ComboFix 08-06-20.4 - pistabaci 2008-06-24 20:28:07.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.202 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\pistabaci\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\adwareremovergold.com
C:\Program Files\bulletproofsoft.com
C:\Program Files\Common Files\wintools
C:\Program Files\gator.com
C:\Program Files\malwaresweeper.com
C:\Program Files\malwarewipe.com
C:\Program Files\pcprivacysoftware.com
C:\Program Files\scom
C:\Program Files\tbonbin
C:\Program Files\vcom
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc1.msi//data0000.cab/is201964.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc11\utils\Exam.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc2.msi//data0000.cab/is200053.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc3.exe//data0000.cab/is154979.exe
C:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\Dc4.exe//data0000.cab/is202201.exe
C:\spywarebegone\SpywareBeGone.exe
C:\WINDOWS\ativpsrm.bin
C:\WINDOWS\iun6002.exe
C:\WINDOWS\Lic.xxx
C:\windows\system32\40DD2715A3.sys
E:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\De3\dap74cz.exe
E:\RECYCLER\S-1-5-21-1993962763-1454471165-839522115-1003\De3\dap74cz.rar/dap74cz.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\Common Files\betterinternet\
C:\Program Files\Common Files\btlink\
C:\Program Files\Common Files\cmeii\
C:\Program Files\Common Files\cpush\
C:\Program Files\Common Files\drivecleaner free\
C:\Program Files\Common Files\eacceleration\
C:\Program Files\Common Files\gmt\
C:\Program Files\Common Files\KeenValue\
C:\Program Files\Common Files\msiets\
C:\Program Files\Common Files\nsis\
C:\Program Files\Common Files\psd tools\
C:\Program Files\Common Files\sogou pxp\
C:\Program Files\Common Files\ucontrol\
C:\Program Files\Common Files\updater\
C:\Program Files\Common Files\updmgr\
C:\Program Files\Common Files\whenu\
C:\Program Files\Common Files\winfixer 2006\
C:\Program Files\Common Files\wqzq\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\WINDOWS\ativpsrm.bin
C:\windows\mc\
C:\windows\mslagent\
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\
.
---- Previous Run -------
.
C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\Common Files\cpush\
C:\Program Files\Common Files\drivecleaner free\
C:\Program Files\Common Files\KeenValue\
C:\Program Files\Common Files\sogou pxp\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-24 14:28 . 2008-06-24 19:54 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-23 20:53 . 2008-06-24 17:52 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-23 20:53 . 2008-06-23 20:53 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-22 12:05 . 2008-06-22 12:05 <DIR> d-------- C:\WINDOWS\PC Digital Safe
2008-06-22 10:30 . 2008-06-22 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-22 04:28 . 2008-06-22 06:24 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-21 07:00 . 2008-06-21 07:00 <DIR> d-------- C:\Program Files\Avira
2008-06-21 06:09 . 2008-06-23 23:13 <DIR> d-------- C:\Documents and Settings\pistabaci\DoctorWeb
2008-06-21 01:05 . 2008-06-23 23:13 <DIR> d-------- C:\Program Files\Crawler
2008-06-20 23:20 . 2008-06-22 10:31 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-20 19:29 . 2008-06-20 19:29 222 -r-h----- C:\Program Files\hpdll
2008-06-19 00:31 . 2008-06-18 20:32 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-06-18 23:43 . 2008-06-24 04:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-18 23:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-18 23:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-18 23:43 . 2008-06-19 05:36 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-18 23:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-18 09:08 . 2008-06-18 09:08 <DIR> dr-hs---- C:\WINDOWS\zserv.dll
2008-06-18 06:27 . 2008-06-18 06:45 <DIR> d-------- C:\Program Files\Rapidown
2008-06-17 10:13 . 2008-06-17 10:13 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-06-17 10:12 . 2008-06-17 10:20 <DIR> d-------- C:\Program Files\Zoom Player
2008-06-17 10:06 . 2008-06-17 10:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 10:06 . 2008-06-17 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 18:08 . 2008-06-16 18:08 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-16 07:28 . 2008-06-16 07:28 <DIR> d-------- C:\Program Files\GRETECH
2008-06-14 19:57 . 2008-06-14 19:57 2,560 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-14 19:57 . 2008-06-14 19:57 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-14 17:19 . 2008-06-14 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-12 14:13 . 2008-06-13 05:45 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-11 09:11 . 2008-06-14 19:23 <DIR> d-------- C:\Program Files\abcAVI
2008-06-09 20:46 . 2008-06-16 12:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 10:44 . 2008-03-26 11:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-08 10:43 . 2008-06-08 10:43 <DIR> d-------- C:\Intel
2008-06-04 21:19 . 2008-06-08 06:33 526 --a------ C:\WINDOWS\ATICIM.INI
2008-06-04 20:00 . 2008-06-04 20:00 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 09:39 . 2008-05-31 09:39 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-26 18:42 . 2008-05-26 18:42 <DIR> d-------- C:\Program Files\Realtek AC97

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 04:27 --------- d-----w C:\Program Files\IObit
2008-06-24 03:05 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-06-23 23:16 --------- d-----w C:\Program Files\FlashFXP
2008-06-23 21:46 --------- d-----w C:\Program Files\Desktop Maestro
2008-06-23 21:14 --------- d-----w C:\Program Files\WhatsRunning
2008-06-23 21:13 --------- d-----w C:\Program Files\ApexDC++
2008-06-22 09:16 232 ---h--r C:\Program Files\Common Files\winfixer 2006
2008-06-22 09:16 226 ---h--r C:\Program Files\Common Files\whenu
2008-06-19 03:48 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-06-18 07:09 248 ---h--r C:\Program Files\Common Files\eacceleration
2008-06-18 07:09 240 ---h--r C:\Program Files\Common Files\drivecleaner free
2008-06-18 07:09 236 ---h--r C:\Program Files\Common Files\nsis
2008-06-18 07:09 234 ---h--r C:\Program Files\Common Files\updmgr
2008-06-18 07:09 234 ---h--r C:\Program Files\Common Files\updater
2008-06-18 07:09 234 ---h--r C:\Program Files\Common Files\keenvalue
2008-06-18 07:09 232 ---h--r C:\Program Files\Common Files\wqzq
2008-06-18 07:09 230 ---h--r C:\Program Files\Common Files\msiets
2008-06-18 07:09 230 ---h--r C:\Program Files\Common Files\btlink
2008-06-18 07:09 226 ---h--r C:\Program Files\Common Files\ucontrol
2008-06-18 07:09 226 ---h--r C:\Program Files\Common Files\sogou pxp
2008-06-18 07:09 226 ---h--r C:\Program Files\Common Files\cpush
2008-06-18 07:08 246 ---h--r C:\Program Files\Common Files\betterinternet
2008-06-18 07:08 236 ---h--r C:\Program Files\Common Files\psd tools
2008-06-18 07:08 228 ---h--r C:\Program Files\Common Files\gmt
2008-06-18 07:08 228 ---h--r C:\Program Files\Common Files\cmeii
2008-06-18 04:16 --------- d-----w C:\Program Files\Ant Movie Catalog
2008-06-17 16:09 --------- d-----w C:\Program Files\Revo Uninstaller
2008-06-16 11:18 --------- d-----w C:\Program Files\Privacy Guardian
2008-06-16 05:19 --------- d-----w C:\Program Files\Google
2008-06-14 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:05 --------- d-----w C:\Program Files\Opera
2008-06-10 04:12 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-06-04 19:54 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-06-04 19:04 --------- d-----w C:\Program Files\IsoBuster
2008-06-04 06:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 07:40 --------- d-----w C:\Program Files\Unlocker
2008-05-31 07:40 --------- d-----w C:\Program Files\CCleaner
2008-05-27 16:14 --------- d-----w C:\Program Files\uTorrent
2008-05-24 19:02 --------- d-----w C:\Program Files\MGrab
2008-05-22 08:06 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 08:01 --------- d-----w C:\Program Files\SpeedFan(2)
2008-05-20 17:21 --------- d-----w C:\Program Files\IEPro
2008-05-20 09:20 --------- d-----w C:\Program Files\Lingea
2008-05-19 13:50 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-16 14:34 --------- d-----w C:\Program Files\Glary Utilities
2008-05-15 04:51 --------- d-----w C:\Program Files\Malware Blocker
2008-05-14 08:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-12 13:23 --------- d-----w C:\Program Files\Common Files\Moonlight
2008-05-12 12:16 --------- d-----w C:\Program Files\Common Files\DBOXII
2008-05-12 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:07 --------- d-----w C:\Program Files\Moonlight Cordless
2008-05-12 07:43 --------- d-----w C:\Program Files\VideoInspector
2008-05-08 12:28 202,752 ----a-w C:\windows\system32\drivers\rmcast.sys
2008-05-05 18:46 27,048 ----a-w C:\windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\windows\system32\drivers\mbam.sys
2008-05-03 11:55 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-02 04:53 --------- d-----w C:\Program Files\Foxit Software
2008-05-01 07:54 --------- d-----w C:\Program Files\xp-AntiSpy
2008-04-30 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 04:44 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-04-27 14:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-27 14:45 --------- d-----w C:\Program Files\Ahead
2008-04-27 14:44 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-27 11:56 --------- d-----w C:\Program Files\QuickTime
2008-04-27 05:46 --------- d-----w C:\Program Files\P2P_Torrent
2008-04-25 05:24 --------- d-----w C:\Program Files\NgrabLite
2008-04-24 22:52 51,520 -c--a-w C:\windows\system32\drivers\TfFsMon.sys
2008-04-24 22:52 38,208 -c--a-w C:\windows\system32\drivers\TfSysMon.sys
2008-04-24 22:52 33,088 -c--a-w C:\windows\system32\drivers\TfNetMon.sys
2008-04-24 22:52 12,608 -c--a-w C:\windows\system32\drivers\TfKbMon.sys
2008-04-24 18:03 --------- d-----w C:\Program Files\SubFind
2008-04-23 04:16 826,368 ----a-w C:\windows\system32\wininet.dll
2008-04-14 19:03 8,192 ----a-w C:\ntuser.dat
2008-03-31 21:25 682,496 ----a-w C:\windows\system32\divx.dll
2008-03-29 05:19 9,801,728 -c--a-w C:\windows\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\windows\system32\atiok3x2.dll
2008-03-29 04:05 372,736 -c--a-w C:\windows\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\windows\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\windows\system32\atipdlxx.dll
2008-03-29 03:56 126,976 -c--a-w C:\windows\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\windows\system32\ati2edxx.dll
2008-03-29 03:55 26,112 -c--a-w C:\windows\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\windows\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\windows\system32\ati2evxx.exe
2008-03-29 03:52 53,248 -c--a-w C:\windows\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\windows\system32\ati3duag.dll
2008-03-29 03:39 307,200 -c--a-w C:\windows\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\windows\system32\ativvaxx.dll
2008-03-29 03:24 46,080 -c--a-w C:\windows\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 -c--a-w C:\windows\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\windows\system32\atikvmag.dll
2008-03-29 03:19 17,408 -c--a-w C:\windows\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\windows\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ----a-w C:\windows\system32\ati2sgag.exe
2008-03-28 17:41 7,680 ----a-w C:\windows\system32\ff_vfw.dll
2008-03-25 09:39 270,336 ----a-w C:\windows\system32\imon.dll
2008-03-24 20:39 45,568 -c--a-w C:\windows\system32\avgfwdx.dll
2008-01-21 08:34 131,584 -c--a-w C:\Documents and Settings\pistabaci\ClamAVServer.dll
2007-12-05 07:46 320,000 -c--a-w C:\Documents and Settings\pistabaci\Sp_clamsrv.exe
2005-01-28 14:15 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2004-08-17 13:49 60,416 -csha-w C:\windows\ServicePackFiles\i386\msimn.exe
2006-05-03 09:06 163,328 -csha-r C:\windows\system32\flvDX.dll
2007-12-23 15:57 848 -csha-w C:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 -csha-r C:\windows\system32\msfDX.dll
2008-03-15 15:58 32,768 -csha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-24_20.18.20.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-24 18:14:53 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-06-24 18:41:25 2,048 --s-a-w C:\windows\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-09 13:03 1524248 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-09 13:03 1524248]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= C:\Program Files\The_Pirate_Bay\tbThe_.dll [2008-04-09 13:03 1524248]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 11:39 917504]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-23 20:53 1817600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys [2008-04-25 00:52]
R0 TfSysMon;TfSysMon;C:\windows\system32\drivers\TfSysMon.sys [2008-04-25 00:52]
R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-04-26 10:21]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 13:03]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 20:53]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" [2008-03-07 12:00]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 21:54]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 Avgfwdx;Avgfwdx;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 kvpndev;Kerio VPN adapter;C:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PLFF;USB Flash Disk Driver;C:\windows\system32\Drivers\PLFF.sys [2003-10-06 11:29]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 16:21]
S3 TfNetMon;TfNetMon;C:\windows\system32\drivers\TfNetMon.sys [2008-04-25 00:52]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 14:38]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 15:17:11 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-24 15:56:04 C:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-24 18:41:36 C:\windows\Tasks\EasyShare Registration RunOnce Task.job"
- C:\windows\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\DATAAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOfferSilence@16
"2008-06-24 18:41:37 C:\windows\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-06-15 11:28:07 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 07:37:23 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 11:16:04 C:\windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-15 07:01:47 C:\windows\Tasks\Úklid 1 kliknutím.job"

Can someone assess this for me and advise what to do next?

Thank you!!!


Posted by: Deleted user, 24.06.2008 21:59

Download Avenger: http://www.pcforum.sk/cistime-napadnuty ... 27265.html
Follow the Avenger instructions and paste this script into it:

Code:
Files to delete:
C:\Program Files\Common Files\WinTools
C:\Program Files\Common Files\winfixer 2006
C:\Program Files\Common Files\whenu
C:\Program Files\Common Files\eacceleration
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\nsis
C:\Program Files\Common Files\updmgr
C:\Program Files\Common Files\updater
C:\Program Files\Common Files\keenvalue
C:\Program Files\Common Files\wqzq
C:\Program Files\Common Files\msiets
C:\Program Files\Common Files\btlink
C:\Program Files\Common Files\ucontrol
C:\Program Files\Common Files\sogou pxp
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\betterinternet
C:\Program Files\Common Files\psd tools
C:\Program Files\Common Files\gmt
C:\Program Files\Common Files\cmeii
C:\Program Files\hpdll

Folders to delete:
C:\Program Files\Common Files\WinTools
C:\Program Files\Common Files\winfixer 2006
C:\Program Files\Common Files\whenu
C:\Program Files\Common Files\eacceleration
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\nsis
C:\Program Files\Common Files\updmgr
C:\Program Files\Common Files\updater
C:\Program Files\Common Files\keenvalue
C:\Program Files\Common Files\wqzq
C:\Program Files\Common Files\msiets
C:\Program Files\Common Files\btlink
C:\Program Files\Common Files\ucontrol
C:\Program Files\Common Files\sogou pxp
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\betterinternet
C:\Program Files\Common Files\psd tools
C:\Program Files\Common Files\gmt
C:\Program Files\Common Files\cmeii
C:\Program Files\hpdll
C:\WINDOWS\zserv.dll


Paste the Avenger log here.

..then run ComboFix in normal mode and, when it finishes, paste its log..
+ a new log from HijackThis


Posted by: topic author, 24.06.2008 22:46

Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Program Files\Common Files\WinTools" not found!
Deletion of file "C:\Program Files\Common Files\WinTools" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\winfixer 2006" not found!
Deletion of file "C:\Program Files\Common Files\winfixer 2006" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\whenu" not found!
Deletion of file "C:\Program Files\Common Files\whenu" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\eacceleration" not found!
Deletion of file "C:\Program Files\Common Files\eacceleration" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\drivecleaner free" not found!
Deletion of file "C:\Program Files\Common Files\drivecleaner free" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\nsis" not found!
Deletion of file "C:\Program Files\Common Files\nsis" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\updmgr" not found!
Deletion of file "C:\Program Files\Common Files\updmgr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\updater" not found!
Deletion of file "C:\Program Files\Common Files\updater" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\keenvalue" not found!
Deletion of file "C:\Program Files\Common Files\keenvalue" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\wqzq" not found!
Deletion of file "C:\Program Files\Common Files\wqzq" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\msiets" not found!
Deletion of file "C:\Program Files\Common Files\msiets" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\btlink" not found!
Deletion of file "C:\Program Files\Common Files\btlink" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\ucontrol" not found!
Deletion of file "C:\Program Files\Common Files\ucontrol" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\sogou pxp" not found!
Deletion of file "C:\Program Files\Common Files\sogou pxp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\cpush" not found!
Deletion of file "C:\Program Files\Common Files\cpush" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\betterinternet" not found!
Deletion of file "C:\Program Files\Common Files\betterinternet" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\psd tools" not found!
Deletion of file "C:\Program Files\Common Files\psd tools" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\gmt" not found!
Deletion of file "C:\Program Files\Common Files\gmt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\Common Files\cmeii" not found!
Deletion of file "C:\Program Files\Common Files\cmeii" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\hpdll" not found!
Deletion of file "C:\Program Files\hpdll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\WinTools" not found!
Deletion of folder "C:\Program Files\Common Files\WinTools" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\winfixer 2006" not found!
Deletion of folder "C:\Program Files\Common Files\winfixer 2006" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\whenu" not found!
Deletion of folder "C:\Program Files\Common Files\whenu" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\eacceleration" not found!
Deletion of folder "C:\Program Files\Common Files\eacceleration" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\drivecleaner free" not found!
Deletion of folder "C:\Program Files\Common Files\drivecleaner free" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\nsis" not found!
Deletion of folder "C:\Program Files\Common Files\nsis" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\updmgr" not found!
Deletion of folder "C:\Program Files\Common Files\updmgr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\updater" not found!
Deletion of folder "C:\Program Files\Common Files\updater" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\keenvalue" not found!
Deletion of folder "C:\Program Files\Common Files\keenvalue" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\wqzq" not found!
Deletion of folder "C:\Program Files\Common Files\wqzq" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\msiets" not found!
Deletion of folder "C:\Program Files\Common Files\msiets" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\btlink" not found!
Deletion of folder "C:\Program Files\Common Files\btlink" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\ucontrol" not found!
Deletion of folder "C:\Program Files\Common Files\ucontrol" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\sogou pxp" not found!
Deletion of folder "C:\Program Files\Common Files\sogou pxp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\cpush" not found!
Deletion of folder "C:\Program Files\Common Files\cpush" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\betterinternet" not found!
Deletion of folder "C:\Program Files\Common Files\betterinternet" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\psd tools" not found!
Deletion of folder "C:\Program Files\Common Files\psd tools" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\gmt" not found!
Deletion of folder "C:\Program Files\Common Files\gmt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Common Files\cmeii" not found!
Deletion of folder "C:\Program Files\Common Files\cmeii" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\hpdll" not found!
Deletion of folder "C:\Program Files\hpdll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\zserv.dll" not found!
Deletion of folder "C:\WINDOWS\zserv.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Posted by: topic author, 24.06.2008 22:47

ComboFix:

ComboFix 08-06-20.4 - pistabaci 2008-06-24 22:21:55.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.174 [GMT 2:00]
Running from: E:\INSTALACKY\ComboFix\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\msvrc20.dll
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-24 21:54 . 2008-06-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\ćablony
2008-06-24 21:52 . 2008-06-24 21:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-24 14:28 . 2008-06-24 19:54 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-23 20:53 . 2008-06-24 21:12 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-23 20:53 . 2008-06-23 20:53 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-22 12:05 . 2008-06-22 12:05 <DIR> d-------- C:\WINDOWS\PC Digital Safe
2008-06-22 10:30 . 2008-06-22 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-22 04:28 . 2008-06-22 06:24 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-21 07:00 . 2008-06-21 07:00 <DIR> d-------- C:\Program Files\Avira
2008-06-21 06:09 . 2008-06-23 23:13 <DIR> d-------- C:\Documents and Settings\pistabaci\DoctorWeb
2008-06-21 01:05 . 2008-06-23 23:13 <DIR> d-------- C:\Program Files\Crawler
2008-06-20 23:20 . 2008-06-22 10:31 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-19 00:31 . 2008-06-18 20:32 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-06-18 23:43 . 2008-06-24 04:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-18 23:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-18 23:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-18 23:43 . 2008-06-19 05:36 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-18 23:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-18 09:08 . 2008-06-18 09:08 <DIR> dr-hs---- C:\WINDOWS\zeta.exe
2008-06-18 06:27 . 2008-06-18 06:45 <DIR> d-------- C:\Program Files\Rapidown
2008-06-17 10:13 . 2008-06-17 10:13 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-06-17 10:12 . 2008-06-17 10:20 <DIR> d-------- C:\Program Files\Zoom Player
2008-06-17 10:06 . 2008-06-17 10:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 10:06 . 2008-06-17 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 18:08 . 2008-06-16 18:08 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-16 07:28 . 2008-06-16 07:28 <DIR> d-------- C:\Program Files\GRETECH
2008-06-14 19:57 . 2008-06-14 19:57 2,560 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-14 19:57 . 2008-06-14 19:57 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-14 17:19 . 2008-06-14 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-12 14:13 . 2008-06-13 05:45 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-11 09:11 . 2008-06-14 19:23 <DIR> d-------- C:\Program Files\abcAVI
2008-06-09 20:46 . 2008-06-16 12:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 10:44 . 2008-03-26 11:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-08 10:43 . 2008-06-08 10:43 <DIR> d-------- C:\Intel
2008-06-04 21:19 . 2008-06-08 06:33 526 --a------ C:\WINDOWS\ATICIM.INI
2008-06-04 20:00 . 2008-06-04 20:00 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 09:39 . 2008-05-31 09:39 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-26 18:42 . 2008-05-26 18:42 <DIR> d-------- C:\Program Files\Realtek AC97

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 19:50 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-06-24 19:36 --------- d-----w C:\Program Files\IObit
2008-06-24 03:05 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-06-23 23:16 --------- d-----w C:\Program Files\FlashFXP
2008-06-23 21:46 --------- d-----w C:\Program Files\Desktop Maestro
2008-06-23 21:14 --------- d-----w C:\Program Files\WhatsRunning
2008-06-23 21:13 --------- d-----w C:\Program Files\ApexDC++
2008-06-18 04:16 --------- d-----w C:\Program Files\Ant Movie Catalog
2008-06-17 16:09 --------- d-----w C:\Program Files\Revo Uninstaller
2008-06-16 11:18 --------- d-----w C:\Program Files\Privacy Guardian
2008-06-16 05:19 --------- d-----w C:\Program Files\Google
2008-06-14 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:05 --------- d-----w C:\Program Files\Opera
2008-06-10 04:12 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-06-04 19:54 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-06-04 19:04 --------- d-----w C:\Program Files\IsoBuster
2008-06-04 06:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 07:40 --------- d-----w C:\Program Files\Unlocker
2008-05-31 07:40 --------- d-----w C:\Program Files\CCleaner
2008-05-27 16:14 --------- d-----w C:\Program Files\uTorrent
2008-05-24 19:02 --------- d-----w C:\Program Files\MGrab
2008-05-22 08:06 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 08:01 --------- d-----w C:\Program Files\SpeedFan(2)
2008-05-20 17:21 --------- d-----w C:\Program Files\IEPro
2008-05-20 09:20 --------- d-----w C:\Program Files\Lingea
2008-05-19 13:50 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-16 14:34 --------- d-----w C:\Program Files\Glary Utilities
2008-05-15 04:51 --------- d-----w C:\Program Files\Malware Blocker
2008-05-14 08:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-12 13:23 --------- d-----w C:\Program Files\Common Files\Moonlight
2008-05-12 12:16 --------- d-----w C:\Program Files\Common Files\DBOXII
2008-05-12 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:07 --------- d-----w C:\Program Files\Moonlight Cordless
2008-05-12 07:43 --------- d-----w C:\Program Files\VideoInspector
2008-05-08 12:28 202,752 ----a-w C:\windows\system32\drivers\rmcast.sys
2008-05-05 18:46 27,048 ----a-w C:\windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\windows\system32\drivers\mbam.sys
2008-05-03 11:55 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-02 04:53 --------- d-----w C:\Program Files\Foxit Software
2008-05-01 07:54 --------- d-----w C:\Program Files\xp-AntiSpy
2008-04-30 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 04:44 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-04-27 14:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-27 14:45 --------- d-----w C:\Program Files\Ahead
2008-04-27 14:44 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-27 11:56 --------- d-----w C:\Program Files\QuickTime
2008-04-27 05:46 --------- d-----w C:\Program Files\P2P_Torrent
2008-04-25 05:24 --------- d-----w C:\Program Files\NgrabLite
2008-04-24 22:52 51,520 -c--a-w C:\windows\system32\drivers\TfFsMon.sys
2008-04-24 22:52 38,208 -c--a-w C:\windows\system32\drivers\TfSysMon.sys
2008-04-24 22:52 33,088 -c--a-w C:\windows\system32\drivers\TfNetMon.sys
2008-04-24 22:52 12,608 -c--a-w C:\windows\system32\drivers\TfKbMon.sys
2008-04-24 18:03 --------- d-----w C:\Program Files\SubFind
2008-04-23 04:16 826,368 ----a-w C:\windows\system32\wininet.dll
2008-04-14 19:03 8,192 ----a-w C:\ntuser.dat
2008-03-31 21:25 682,496 ----a-w C:\windows\system32\divx.dll
2008-03-29 05:19 9,801,728 -c--a-w C:\windows\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\windows\system32\atiok3x2.dll
2008-03-29 04:05 372,736 -c--a-w C:\windows\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\windows\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\windows\system32\atipdlxx.dll
2008-03-29 03:56 126,976 -c--a-w C:\windows\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\windows\system32\ati2edxx.dll
2008-03-29 03:55 26,112 -c--a-w C:\windows\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\windows\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\windows\system32\ati2evxx.exe
2008-03-29 03:52 53,248 -c--a-w C:\windows\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\windows\system32\ati3duag.dll
2008-03-29 03:39 307,200 -c--a-w C:\windows\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\windows\system32\ativvaxx.dll
2008-03-29 03:24 46,080 -c--a-w C:\windows\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 -c--a-w C:\windows\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\windows\system32\atikvmag.dll
2008-03-29 03:19 17,408 -c--a-w C:\windows\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\windows\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ----a-w C:\windows\system32\ati2sgag.exe
2008-03-28 17:41 7,680 ----a-w C:\windows\system32\ff_vfw.dll
2008-03-25 09:39 270,336 ----a-w C:\windows\system32\imon.dll
2008-03-24 20:39 45,568 -c--a-w C:\windows\system32\avgfwdx.dll
2008-01-21 08:34 131,584 -c--a-w C:\Documents and Settings\pistabaci\ClamAVServer.dll
2007-12-05 07:46 320,000 -c--a-w C:\Documents and Settings\pistabaci\Sp_clamsrv.exe
2007-08-27 13:13 5,848 -c--a-w C:\Documents and Settings\pistabaci\xClamAVServerSources.zip
2007-08-21 20:01 638,976 -c--a-w C:\Documents and Settings\pistabaci\libclamav.dll
2007-05-03 01:03 30,208 -c--a-w C:\Documents and Settings\pistabaci\pthreadVC2.dll
2006-10-25 04:17 417,792 -c--a-w C:\Documents and Settings\pistabaci\clamav.dll
2005-09-23 04:56 479,232 -c--a-w C:\Documents and Settings\pistabaci\msvcm80.dll
2005-09-22 21:05 626,688 -c--a-w C:\Documents and Settings\pistabaci\msvcr80.dll
2005-09-22 21:05 548,864 -c--a-w C:\Documents and Settings\pistabaci\msvcp80.dll
2005-01-28 14:15 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2004-08-17 13:49 60,416 -csha-w C:\windows\ServicePackFiles\i386\msimn.exe
2006-05-03 09:06 163,328 -csha-r C:\windows\system32\flvDX.dll
2007-12-23 15:57 848 -csha-w C:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 -csha-r C:\windows\system32\msfDX.dll
2008-03-15 15:58 32,768 -csha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-09 13:03 1524248 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-09 13:03 1524248]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= C:\Program Files\The_Pirate_Bay\tbThe_.dll [2008-04-09 13:03 1524248]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 11:39 917504]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-23 20:53 1817600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys [2008-04-25 00:52]
R0 TfSysMon;TfSysMon;C:\windows\system32\drivers\TfSysMon.sys [2008-04-25 00:52]
R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-04-26 10:21]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 13:03]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 20:53]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" [2008-03-07 12:00]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 21:54]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 Avgfwdx;Avgfwdx;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 kvpndev;Kerio VPN adapter;C:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PLFF;USB Flash Disk Driver;C:\windows\system32\Drivers\PLFF.sys [2003-10-06 11:29]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 16:21]
S3 TfNetMon;TfNetMon;C:\windows\system32\drivers\TfNetMon.sys [2008-04-25 00:52]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 14:38]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 15:17:11 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-24 19:43:50 C:\windows\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-06-24 19:43:50 C:\windows\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro
"2008-06-24 19:56:08 C:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-24 20:33:20 C:\windows\Tasks\EasyShare Registration RunOnce Task.job"
- C:\windows\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\DATAAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOfferSilence@16
"2008-06-24 20:33:22 C:\windows\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-06-15 11:28:07 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 07:37:23 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 11:16:04 C:\windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-15 07:01:47 C:\windows\Tasks\Úklid 1 kliknutím.job"


User
Please help with virus removal - HijackThis and MWAV check

Registered: 20.11.06
Last logged in: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by topic author: 24.06.2008 22:48

HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47, on 2008-06-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\windows\mHotkey.exe
C:\Program Files\Eset\nod32kui.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: InlineSearchHandleHotKeys Class - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\windows\system32\drivers\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 10459 bytes


Deleted user
Posted: 24.06.2008 23:16

use ComboFix with a script - and before that, first switch off your resident antivirus programs

Code:
Folder:
C:\WINDOWS\zeta.exe


then test on www.virustotal.com

Code:
C:\Documents and Settings\pistabaci\pthreadVC2.dll
C:\Documents and Settings\pistabaci\msvcr80.dll
C:\Documents and Settings\pistabaci\msvcp80.dll
C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
C:\windows\ServicePackFiles\i386\msimn.exe

paste the results here


User
Please help with virus removal - HijackThis and MWAV check

Registered: 20.11.06
Last logged in: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by topic author: 25.06.2008 6:27

ComboFix :

ComboFix 08-06-20.4 - pistabaci 2008-06-25 5:54:51.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.194 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\pistabaci\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\
.
---- Previous Run -------
.
C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\msvrc20.dll
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-24 21:54 . 2008-06-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Šablony
2008-06-24 21:52 . 2008-06-24 21:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-24 14:28 . 2008-06-24 19:54 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-23 20:53 . 2008-06-24 21:12 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-23 20:53 . 2008-06-23 20:53 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-22 12:05 . 2008-06-22 12:05 <DIR> d-------- C:\WINDOWS\PC Digital Safe
2008-06-22 10:30 . 2008-06-22 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-22 04:28 . 2008-06-22 06:24 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-21 07:00 . 2008-06-21 07:00 <DIR> d-------- C:\Program Files\Avira
2008-06-21 06:09 . 2008-06-23 23:13 <DIR> d-------- C:\Documents and Settings\pistabaci\DoctorWeb
2008-06-21 01:05 . 2008-06-23 23:13 <DIR> d-------- C:\Program Files\Crawler
2008-06-20 23:20 . 2008-06-22 10:31 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-19 00:31 . 2008-06-18 20:32 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-06-18 23:43 . 2008-06-24 04:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-18 23:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-18 23:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-18 23:43 . 2008-06-19 05:36 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-18 23:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-18 09:08 . 2008-06-18 09:08 <DIR> dr-hs---- C:\WINDOWS\zeta.exe
2008-06-18 06:27 . 2008-06-18 06:45 <DIR> d-------- C:\Program Files\Rapidown
2008-06-17 10:13 . 2008-06-17 10:13 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-06-17 10:12 . 2008-06-17 10:20 <DIR> d-------- C:\Program Files\Zoom Player
2008-06-17 10:06 . 2008-06-17 10:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 10:06 . 2008-06-17 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 18:08 . 2008-06-16 18:08 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-16 07:28 . 2008-06-16 07:28 <DIR> d-------- C:\Program Files\GRETECH
2008-06-14 19:57 . 2008-06-14 19:57 2,560 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-14 19:57 . 2008-06-14 19:57 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-14 17:19 . 2008-06-14 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-12 14:13 . 2008-06-13 05:45 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-11 09:11 . 2008-06-14 19:23 <DIR> d-------- C:\Program Files\abcAVI
2008-06-09 20:46 . 2008-06-16 12:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 10:44 . 2008-03-26 11:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-08 10:43 . 2008-06-08 10:43 <DIR> d-------- C:\Intel
2008-06-04 21:19 . 2008-06-08 06:33 526 --a------ C:\WINDOWS\ATICIM.INI
2008-06-04 20:00 . 2008-06-04 20:00 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 09:39 . 2008-05-31 09:39 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-26 18:42 . 2008-05-26 18:42 <DIR> d-------- C:\Program Files\Realtek AC97

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 19:50 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-06-24 19:36 --------- d-----w C:\Program Files\IObit
2008-06-24 03:05 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-06-23 23:16 --------- d-----w C:\Program Files\FlashFXP
2008-06-23 21:46 --------- d-----w C:\Program Files\Desktop Maestro
2008-06-23 21:14 --------- d-----w C:\Program Files\WhatsRunning
2008-06-23 21:13 --------- d-----w C:\Program Files\ApexDC++
2008-06-18 04:16 --------- d-----w C:\Program Files\Ant Movie Catalog
2008-06-17 16:09 --------- d-----w C:\Program Files\Revo Uninstaller
2008-06-16 11:18 --------- d-----w C:\Program Files\Privacy Guardian
2008-06-16 05:19 --------- d-----w C:\Program Files\Google
2008-06-14 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:05 --------- d-----w C:\Program Files\Opera
2008-06-10 04:12 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-06-04 19:54 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-06-04 19:04 --------- d-----w C:\Program Files\IsoBuster
2008-06-04 06:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 07:40 --------- d-----w C:\Program Files\Unlocker
2008-05-31 07:40 --------- d-----w C:\Program Files\CCleaner
2008-05-27 16:14 --------- d-----w C:\Program Files\uTorrent
2008-05-24 19:02 --------- d-----w C:\Program Files\MGrab
2008-05-22 08:06 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 08:01 --------- d-----w C:\Program Files\SpeedFan(2)
2008-05-20 17:21 --------- d-----w C:\Program Files\IEPro
2008-05-20 09:20 --------- d-----w C:\Program Files\Lingea
2008-05-19 13:50 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-16 14:34 --------- d-----w C:\Program Files\Glary Utilities
2008-05-15 04:51 --------- d-----w C:\Program Files\Malware Blocker
2008-05-14 08:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-12 13:23 --------- d-----w C:\Program Files\Common Files\Moonlight
2008-05-12 12:16 --------- d-----w C:\Program Files\Common Files\DBOXII
2008-05-12 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:07 --------- d-----w C:\Program Files\Moonlight Cordless
2008-05-12 07:43 --------- d-----w C:\Program Files\VideoInspector
2008-05-08 12:28 202,752 ----a-w C:\windows\system32\drivers\rmcast.sys
2008-05-05 18:46 27,048 ----a-w C:\windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\windows\system32\drivers\mbam.sys
2008-05-03 11:55 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-02 04:53 --------- d-----w C:\Program Files\Foxit Software
2008-05-01 07:54 --------- d-----w C:\Program Files\xp-AntiSpy
2008-04-30 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 04:44 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-04-27 14:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-27 14:45 --------- d-----w C:\Program Files\Ahead
2008-04-27 14:44 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-27 11:56 --------- d-----w C:\Program Files\QuickTime
2008-04-27 05:46 --------- d-----w C:\Program Files\P2P_Torrent
2008-04-25 05:24 --------- d-----w C:\Program Files\NgrabLite
2008-04-23 04:16 826,368 ----a-w C:\windows\system32\wininet.dll
2008-04-14 19:03 8,192 ----a-w C:\ntuser.dat
2008-03-31 21:25 682,496 ----a-w C:\windows\system32\divx.dll
2008-03-29 05:19 9,801,728 -c--a-w C:\windows\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\windows\system32\atiok3x2.dll
2008-03-29 04:05 372,736 -c--a-w C:\windows\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\windows\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\windows\system32\atipdlxx.dll
2008-03-29 03:56 126,976 -c--a-w C:\windows\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\windows\system32\ati2edxx.dll
2008-03-29 03:55 26,112 -c--a-w C:\windows\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\windows\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\windows\system32\ati2evxx.exe
2008-03-29 03:52 53,248 -c--a-w C:\windows\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\windows\system32\ati3duag.dll
2008-03-29 03:39 307,200 -c--a-w C:\windows\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\windows\system32\ativvaxx.dll
2008-03-29 03:24 46,080 -c--a-w C:\windows\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 -c--a-w C:\windows\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\windows\system32\atikvmag.dll
2008-03-29 03:19 17,408 -c--a-w C:\windows\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\windows\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ----a-w C:\windows\system32\ati2sgag.exe
2008-03-28 17:41 7,680 ----a-w C:\windows\system32\ff_vfw.dll
2008-03-25 09:39 270,336 ----a-w C:\windows\system32\imon.dll
2008-01-21 08:34 131,584 -c--a-w C:\Documents and Settings\pistabaci\ClamAVServer.dll
2007-12-05 07:46 320,000 -c--a-w C:\Documents and Settings\pistabaci\Sp_clamsrv.exe
2007-08-27 13:13 5,848 -c--a-w C:\Documents and Settings\pistabaci\xClamAVServerSources.zip
2007-08-21 20:01 638,976 -c--a-w C:\Documents and Settings\pistabaci\libclamav.dll
2007-05-03 01:03 30,208 -c--a-w C:\Documents and Settings\pistabaci\pthreadVC2.dll
2006-10-25 04:17 417,792 -c--a-w C:\Documents and Settings\pistabaci\clamav.dll
2005-09-23 04:56 479,232 -c--a-w C:\Documents and Settings\pistabaci\msvcm80.dll
2005-09-22 21:05 626,688 -c--a-w C:\Documents and Settings\pistabaci\msvcr80.dll
2005-09-22 21:05 548,864 -c--a-w C:\Documents and Settings\pistabaci\msvcp80.dll
2005-01-28 14:15 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2004-08-17 13:49 60,416 -csha-w C:\windows\ServicePackFiles\i386\msimn.exe
2006-05-03 09:06 163,328 -csha-r C:\windows\system32\flvDX.dll
2007-12-23 15:57 848 -csha-w C:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 -csha-r C:\windows\system32\msfDX.dll
2008-03-15 15:58 32,768 -csha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_ 5.46.39.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 03:43:15 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-06-25 04:06:59 2,048 --s-a-w C:\windows\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-09 13:03 1524248 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-09 13:03 1524248]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= C:\Program Files\The_Pirate_Bay\tbThe_.dll [2008-04-09 13:03 1524248]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 11:39 917504]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-23 20:53 1817600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys [2008-04-25 00:52]
R0 TfSysMon;TfSysMon;C:\windows\system32\drivers\TfSysMon.sys [2008-04-25 00:52]
R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-04-26 10:21]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 13:03]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 20:53]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" [2008-03-07 12:00]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 21:54]
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 Avgfwdx;Avgfwdx;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 kvpndev;Kerio VPN adapter;C:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PLFF;USB Flash Disk Driver;C:\windows\system32\Drivers\PLFF.sys [2003-10-06 11:29]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 16:21]
S3 TfNetMon;TfNetMon;C:\windows\system32\drivers\TfNetMon.sys [2008-04-25 00:52]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 14:38]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 15:17:11 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-24 19:43:50 C:\windows\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-06-24 19:43:50 C:\windows\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro
"2008-06-25 03:56:03 C:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-25 04:07:11 C:\windows\Tasks\EasyShare Registration RunOnce Task.job"
- C:\windows\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\DATAAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOfferSilence@16
"2008-06-25 04:07:11 C:\windows\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-06-15 11:28:07 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 07:37:23 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 11:16:04 C:\windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-15 07:01:47 C:\windows\Tasks\Úklid 1 kliknutím.job"

File msimn.exe received on 06.25.2008 05:24:40 (CET)
Current status: finished
Result: 0/33 (0.00%)

File wmplayer.exe received on 06.25.2008 05:23:29 (CET)
Current status: finished
Result: 0/33 (0.00%)

File msvcp80.dll.tmp received on 06.19.2008 03:36:44 (CET)
Current status: finished
Result: 0/33 (0.00%)

File default.htm received on 06.25.2008 06:20:23 (CET)
Current status: finished
Result: 1/33 (3.04%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.25.0 2008.06.25 -
AntiVir 7.8.0.59 2008.06.24 -
Authentium 5.1.0.4 2008.06.24 -
Avast 4.8.1195.0 2008.06.25 -
AVG 7.5.0.516 2008.06.25 -
BitDefender 7.2 2008.06.25 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.24 -
DrWeb 4.44.0.09170 2008.06.24 -
eSafe 7.0.17.0 2008.06.24 -
eTrust-Vet 31.6.5902 2008.06.25 -
Ewido 4.0 2008.06.24 -
F-Prot 4.4.4.56 2008.06.24 -
F-Secure 7.60.13501.0 2008.06.24 -
Fortinet 3.14.0.0 2008.06.24 -
GData 2.0.7306.1023 2008.06.25 -
Ikarus T3.1.1.26.0 2008.06.25 -
Kaspersky 7.0.0.125 2008.06.25 -
McAfee 5324 2008.06.24 -
Microsoft 1.3604 2008.06.25 -
NOD32v2 3215 2008.06.24 -
Norman 5.80.02 2008.06.24 -
Panda 9.0.0.4 2008.06.24 -
Prevx1 V2 2008.06.25 -
Rising 20.50.20.00 2008.06.25 -
Sophos 4.30.0 2008.06.25 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.25 -
TheHacker 6.2.92.361 2008.06.25 -
TrendMicro 8.700.0.1004 2008.06.25 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.25 Exploit.HTML.Hostile-URL.gen (suspicious)
Additional information
File size: 1558 bytes
MD5...: a41e939c102064790d1c14005abb0bad
SHA1..: 8558b61a55e4134cbdb3479184b5abc239d2e293
SHA256: 959ff4274f678ce3fb6a8bfbecc4f4e22302e9ced62b4f8e9c058e8063543464
SHA512: f119081f198ff3c40dc83d92a81b9aa718fce56bfaf414af7bd4827f9902a549
c422e64efeac3decc75a595f0abcb0c86c41c40a115416c75129f2d57835c035
PEiD..: -
PEInfo: -
packers (F-Prot): Unicode

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

File msvcr80.dll received on 05.19.2008 12:01:01 (CET)
Current status: finished
Result: 0/32 (0.00%)


Reply from the topic author, posted 26.06.2008 7:37:

Did you stop without reaching a conclusion? Then at least write so that I don't keep coming back to the forum for nothing. Thank you.

