Posted: 22.02.2008 14:28

I have a well-founded suspicion that someone is able to find out my passwords to my mailbox and to Pokec, and maybe others too. He no longer has access to my PC, but he did before; I have changed the passwords since then. Can you tell me how this is possible, what program he is doing it with, and above all how to get rid of something like that?
Please, this is really important.
Thank you


Posted: 22.02.2008 14:35

Sniffing? Packet capture... so passwords too... Install ESET.


Posted: 22.02.2008 14:38

Usually there is a program running in the background that logs every activity and captures the communication between the keyboard and the PC. Everything is then saved to some file, where the person in question can look at it later. An example of such a program is a keylogger. If you google it, you will find more of them.


Posted by the topic author: 22.02.2008 14:41

Well, there was a keylogger on it before; I found that one. But now he no longer has access to the PC, so he can't look at it.

viktorcech, thank you, I'll try it. I searched the PC for that sniff and it found sniffpol.dll. Could that be it?


Posted: 22.02.2008 14:44

Majko wrote:
viktorcech, thank you, I'll try it. I searched the PC for that sniff and it found sniffpol.dll. Could that be it?


You know what, don't worry about it. Thaaanks.


Posted by the topic author: 22.02.2008 14:46

Sorry, but I really don't know my way around this. I probably said something stupid.


Posted: 22.02.2008 14:49

sniffpol.dll is OK... post a ComboFix log + then a HijackThis one


Posted by the topic author: 22.02.2008 14:51

yaJohny wrote:
sniffpol.dll is OK... post a ComboFix log + then a HijackThis one


Thank you, but I really don't know my way around these things, so I don't know what you actually advised me to do.


Posted: 22.02.2008 14:56

Download: http://www.techsupportforum.com/combofix.exe, save it to the desktop, turn off your antivirus programs, run ComboFix; a scan will run and then a log will pop up, which you paste here into the forum...

Then also post a HijackThis log here - guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html


Posted by the topic author: 22.02.2008 15:22

I have it now, I think.

ComboFix 08-02-22.2 - Aďka 2008-02-22 15:04:45.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.77 [GMT 1:00]
Running from: C:\Documents and Settings\Aďka\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 28674 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\chenzi.exe
C:\WINDOWS\msettings.ini
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\bdscheca001.dll
C:\WINDOWS\system32\cmss.exe
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\protect.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\ipv6monl.dll
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\pee.exe.exe
C:\WINDOWS\system32\PIk1Cl4i.dll
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\vtroll.dll
C:\WINDOWS\system32\w32sys4.exe
C:\WINDOWS\system32\w32sys5.exe
C:\WINDOWS\system32\WinAvX.exe
C:\WINDOWS\system32\wincom32.ini
C:\WINDOWS\system32\wincom32.sys
C:\WINDOWS\system32\windev-369f-62ec.sys
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winservcs32.dll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\WebAssist.dll

----- BITS: Possible infected sites -----

hxxp://66.29.77.196
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FCI
-------\LEGACY_PROTECT
-------\LEGACY_SYSLIBRARY
-------\FCI
-------\protect
-------\SysLibrary


((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-01-29 09:57 . 2008-01-29 09:59 <DIR> d-------- C:\Program Files\Eurotran XP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 17:29 --------- d-----w C:\Program Files\Java
2008-01-17 17:26 --------- d-----w C:\Program Files\Common Files\Java
2007-07-24 15:06 19,968 --sha-r C:\WINDOWS\system32\crvdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 16:01 516096]
"SiSPower"="SiSPower.dll" [2004-11-12 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-17 14:49 389632 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-17 14:49 100352]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-17 14:42 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 17:47]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 17:48]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 06:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
S2 cb57837832;Mi841022t Windows Browser Servce;C:\WINDOWS\System32\svchost.exe [2008-02-21 18:10]
S2 sb77730532;Wi658060Shell Control Servic;C:\WINDOWS\System32\svchost.exe [2008-02-21 18:10]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 22:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cb57837832
sb77730532

.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2007-10-06 01:00:30 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-01-26 03:01:28 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2007-08-07 19:39:33 C:\WINDOWS\Tasks\At102.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2007-08-07 19:39:33 C:\WINDOWS\Tasks\At103.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2007-08-07 19:39:33 C:\WINDOWS\Tasks\At104.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-01-09 07:01:11 C:\WINDOWS\Tasks\At105.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 08:01:17 C:\WINDOWS\Tasks\At106.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 09:01:23 C:\WINDOWS\Tasks\At107.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 10:00:30 C:\WINDOWS\Tasks\At108.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 11:00:30 C:\WINDOWS\Tasks\At109.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-22 12:00:30 C:\WINDOWS\Tasks\At110.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 13:00:30 C:\WINDOWS\Tasks\At111.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 14:00:30 C:\WINDOWS\Tasks\At112.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 15:00:30 C:\WINDOWS\Tasks\At113.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 16:00:30 C:\WINDOWS\Tasks\At114.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 17:00:30 C:\WINDOWS\Tasks\At115.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 18:00:30 C:\WINDOWS\Tasks\At116.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 19:00:30 C:\WINDOWS\Tasks\At117.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 20:00:30 C:\WINDOWS\Tasks\At118.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At119.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-20 22:00:30 C:\WINDOWS\Tasks\At120.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-09 23:01:00 C:\WINDOWS\Tasks\At121.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-05 00:01:06 C:\WINDOWS\Tasks\At122.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-05 01:01:10 C:\WINDOWS\Tasks\At123.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2007-10-06 01:01:00 C:\WINDOWS\Tasks\At124.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-01-26 03:01:58 C:\WINDOWS\Tasks\At125.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2007-09-03 07:48:08 C:\WINDOWS\Tasks\At126.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2007-09-03 07:48:08 C:\WINDOWS\Tasks\At127.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2007-09-03 07:48:08 C:\WINDOWS\Tasks\At128.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-01-09 07:01:41 C:\WINDOWS\Tasks\At129.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 08:01:47 C:\WINDOWS\Tasks\At130.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 09:01:53 C:\WINDOWS\Tasks\At131.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 10:01:00 C:\WINDOWS\Tasks\At132.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 11:01:00 C:\WINDOWS\Tasks\At133.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 12:01:00 C:\WINDOWS\Tasks\At134.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 13:01:01 C:\WINDOWS\Tasks\At135.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 14:01:00 C:\WINDOWS\Tasks\At136.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 15:01:01 C:\WINDOWS\Tasks\At137.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 16:01:00 C:\WINDOWS\Tasks\At138.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 17:01:00 C:\WINDOWS\Tasks\At139.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 18:01:00 C:\WINDOWS\Tasks\At140.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 19:01:00 C:\WINDOWS\Tasks\At141.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 20:01:00 C:\WINDOWS\Tasks\At142.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 21:01:00 C:\WINDOWS\Tasks\At143.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 07:02:56 C:\WINDOWS\Tasks\At144.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 13:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-22 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 15:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-05 00:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-20 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-09 23:00:30 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-05 00:00:36 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-05 01:00:40 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2007-10-06 01:00:30 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-01-26 03:00:30 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-05 01:00:07 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2007-07-24 11:56:50 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2007-07-24 11:56:50 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2007-07-24 11:56:50 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-01-09 07:00:30 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 08:00:31 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 09:00:31 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 10:00:30 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 11:00:30 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 12:00:30 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 13:00:31 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2007-10-06 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-22 14:00:31 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 15:00:31 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 16:00:31 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 17:00:31 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 18:00:31 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 19:00:31 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 20:00:30 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-20 22:00:30 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-09 23:00:30 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-01-26 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-05 00:00:36 C:\WINDOWS\Tasks\At50.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-05 01:00:43 C:\WINDOWS\Tasks\At51.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-10-06 01:00:30 C:\WINDOWS\Tasks\At52.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-01-26 03:00:30 C:\WINDOWS\Tasks\At53.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-08-01 09:55:40 C:\WINDOWS\Tasks\At54.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-08-01 09:55:40 C:\WINDOWS\Tasks\At55.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-08-01 09:55:40 C:\WINDOWS\Tasks\At56.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-01-09 07:00:30 C:\WINDOWS\Tasks\At57.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 08:00:31 C:\WINDOWS\Tasks\At58.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 09:00:32 C:\WINDOWS\Tasks\At59.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-07-04 15:06:46 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-22 10:00:30 C:\WINDOWS\Tasks\At60.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 11:00:30 C:\WINDOWS\Tasks\At61.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 12:00:30 C:\WINDOWS\Tasks\At62.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 13:00:31 C:\WINDOWS\Tasks\At63.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 14:00:33 C:\WINDOWS\Tasks\At64.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 15:00:32 C:\WINDOWS\Tasks\At65.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 16:00:31 C:\WINDOWS\Tasks\At66.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 17:00:32 C:\WINDOWS\Tasks\At67.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 18:00:31 C:\WINDOWS\Tasks\At68.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 19:00:31 C:\WINDOWS\Tasks\At69.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-07-04 15:06:46 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 20:00:30 C:\WINDOWS\Tasks\At70.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At71.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-20 22:00:31 C:\WINDOWS\Tasks\At72.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-09 23:00:31 C:\WINDOWS\Tasks\At73.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-05 00:00:36 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-05 01:00:48 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\521a54HY.exe
"2007-10-06 01:00:30 C:\WINDOWS\Tasks\At76.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-01-26 03:00:30 C:\WINDOWS\Tasks\At77.job"
- C:\WINDOWS\system32\521a54HY.exe
"2007-08-02 18:32:58 C:\WINDOWS\Tasks\At78.job"
- C:\WINDOWS\system32\521a54HY.exe
"2007-08-02 18:32:58 C:\WINDOWS\Tasks\At79.job"
- C:\WINDOWS\system32\521a54HY.exe
"2007-07-04 15:06:46 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2007-08-02 18:32:58 C:\WINDOWS\Tasks\At80.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-01-09 07:00:30 C:\WINDOWS\Tasks\At81.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 08:00:31 C:\WINDOWS\Tasks\At82.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 09:00:33 C:\WINDOWS\Tasks\At83.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 10:00:31 C:\WINDOWS\Tasks\At84.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 11:00:31 C:\WINDOWS\Tasks\At85.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 12:00:31 C:\WINDOWS\Tasks\At86.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 13:00:31 C:\WINDOWS\Tasks\At87.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 14:00:33 C:\WINDOWS\Tasks\At88.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 15:00:32 C:\WINDOWS\Tasks\At89.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-01-09 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 16:00:31 C:\WINDOWS\Tasks\At90.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 17:00:32 C:\WINDOWS\Tasks\At91.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 18:00:31 C:\WINDOWS\Tasks\At92.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 19:00:31 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 20:00:30 C:\WINDOWS\Tasks\At94.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At95.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-20 22:00:31 C:\WINDOWS\Tasks\At96.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-09 23:00:31 C:\WINDOWS\Tasks\At97.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-05 00:00:36 C:\WINDOWS\Tasks\At98.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-05 01:00:50 C:\WINDOWS\Tasks\At99.job"
- C:\WINDOWS\system32\o13oIC41.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 15:11:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-22 15:14:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 14:14:15




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:05, on 22.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll (file missing)
O9 - Extra 'Tools' menuitem: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll (file missing)
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} (JOJ_Explorer_Player Control) - http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D18A2D37-1EDA-416F-A6A5-6238C798C7F5}: NameServer = 195.146.132.58 195.146.128.60
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4048 bytes


Posted: 22.02.2008 15:44

I have never seen such a "clean" PC before. :-D Do you use any antivirus system and firewall at all? (I don't mean XP SP2 - that is not a firewall)

_________________
The root of all evil is a lack of knowledge.
Posted by the topic author: 22.02.2008 16:02

lio04 wrote:
I have never seen such a "clean" PC before. :-D Do you use any antivirus system and firewall at all? (I don't mean XP SP2 - that is not a firewall)


I don't know; the one who "took care" of my PC is the same one who is now poking around in it. He installed all my programs, or rather reinstalled Windows and so on.

I need advice rather than ridicule.

Thank you


Posted: 22.02.2008 16:15

To start with :)
Open Notepad: Start > Run, type notepad > OK
Copy the code into Notepad, then save the file under the name CFScript.txt and save it on the desktop next to ComboFix.
And do this: [image]

Post the log here again :)


Code:
File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At100.job
C:\WINDOWS\Tasks\At101.job
C:\WINDOWS\Tasks\At102.job
C:\WINDOWS\Tasks\At103.job
C:\WINDOWS\Tasks\At104.job
C:\WINDOWS\Tasks\At105.job
C:\WINDOWS\Tasks\At106.job
C:\WINDOWS\Tasks\At107.job
C:\WINDOWS\Tasks\At108.job
C:\WINDOWS\Tasks\At109.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At110.job
C:\WINDOWS\Tasks\At111.job
C:\WINDOWS\Tasks\At112.job
C:\WINDOWS\Tasks\At113.job
C:\WINDOWS\Tasks\At114.job
C:\WINDOWS\Tasks\At115.job
C:\WINDOWS\Tasks\At116.job
C:\WINDOWS\Tasks\At117.job
C:\WINDOWS\Tasks\At118.job
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At121.job
C:\WINDOWS\Tasks\At122.job
C:\WINDOWS\Tasks\At123.job
C:\WINDOWS\Tasks\At124.job
C:\WINDOWS\Tasks\At125.job
C:\WINDOWS\Tasks\At126.job
C:\WINDOWS\Tasks\At127.job
C:\WINDOWS\Tasks\At128.job
C:\WINDOWS\Tasks\At129.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At130.job
C:\WINDOWS\Tasks\At131.job
C:\WINDOWS\Tasks\At132.job
C:\WINDOWS\Tasks\At133.job
C:\WINDOWS\Tasks\At134.job
C:\WINDOWS\Tasks\At135.job
C:\WINDOWS\Tasks\At136.job
C:\WINDOWS\Tasks\At137.job
C:\WINDOWS\Tasks\At138.job
C:\WINDOWS\Tasks\At139.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At140.job
C:\WINDOWS\Tasks\At141.job
C:\WINDOWS\Tasks\At142.job
C:\WINDOWS\Tasks\At143.job
C:\WINDOWS\Tasks\At144.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At73.job
C:\WINDOWS\Tasks\At74.job
C:\WINDOWS\Tasks\At75.job
C:\WINDOWS\Tasks\At76.job
C:\WINDOWS\Tasks\At77.job
C:\WINDOWS\Tasks\At78.job
C:\WINDOWS\Tasks\At79.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At80.job
C:\WINDOWS\Tasks\At81.job
C:\WINDOWS\Tasks\At82.job
C:\WINDOWS\Tasks\At83.job
C:\WINDOWS\Tasks\At84.job
C:\WINDOWS\Tasks\At85.job
C:\WINDOWS\Tasks\At86.job
C:\WINDOWS\Tasks\At87.job
C:\WINDOWS\Tasks\At88.job
C:\WINDOWS\Tasks\At89.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At90.job
C:\WINDOWS\Tasks\At91.job
C:\WINDOWS\Tasks\At92.job
C:\WINDOWS\Tasks\At93.job
C:\WINDOWS\Tasks\At94.job
C:\WINDOWS\Tasks\At95.job
C:\WINDOWS\Tasks\At96.job
C:\WINDOWS\Tasks\At97.job
C:\WINDOWS\Tasks\At98.job
C:\WINDOWS\Tasks\At99.job
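
A coverage check for the step above, as an added example that is not part of the original post or of ComboFix: it parses the 'Scheduled Tasks' section of a ComboFix log and the File:: section of a CFScript, then reports the jobs the script does not list and how many jobs point at each executable. The embedded samples are excerpts of the text posted in this thread (8 log entries, 6 script entries); the function names, and treating any line ending in `::` as a section header, are assumptions.

```python
import re
from collections import Counter

# Excerpt of the ComboFix log posted in this thread (8 of its task entries).
SAMPLE_LOG = r'''
Contents of the 'Scheduled Tasks' folder
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At119.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-20 22:00:30 C:\WINDOWS\Tasks\At120.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-09 23:01:00 C:\WINDOWS\Tasks\At121.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-05 00:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
.
**************************************************************************
'''

# Excerpt of the CFScript posted in this thread (the matching 6 lines).
SAMPLE_SCRIPT = r'''
File::
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At121.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At21.job
'''

# A task entry is a quoted line: "<date> <time> <path to .job>"
TASK_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$', re.I)


def parse_scheduled_tasks(log_text):
    """Return {job_path: target_path} from the log's 'Scheduled Tasks' section."""
    tasks, in_section, current = {}, False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        match = TASK_RE.match(line)
        if match:
            current = match.group(2)
            tasks[current] = None          # target follows on the next line
        elif line.startswith("- ") and current:
            tasks[current] = line[2:].strip()
            current = None
        elif line == "." or line.startswith("***"):
            break                          # end of the section in the log
    return tasks


def parse_cfscript_files(script_text):
    """Return the lower-cased paths listed under File:: in a CFScript."""
    files, in_files = set(), False
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):            # assumed section header
            in_files = line.lower() == "file::"
            continue
        if in_files and line:
            files.add(line.lower())        # Windows paths: case-insensitive
    return files


def job_number(path):
    """Numeric part of AtNNN.job, so At20 sorts before At120."""
    match = re.search(r'At(\d+)\.job$', path, re.I)
    return int(match.group(1)) if match else -1


def uncovered_tasks(log_text, script_text):
    """Jobs present in the log but missing from the script's File:: list."""
    listed = parse_cfscript_files(script_text)
    jobs = parse_scheduled_tasks(log_text)
    return sorted((j for j in jobs if j.lower() not in listed), key=job_number)


def jobs_per_target(log_text):
    """Count how many jobs launch each executable (file name only)."""
    targets = parse_scheduled_tasks(log_text).values()
    return Counter(t.rsplit("\\", 1)[-1] for t in targets if t)


if __name__ == "__main__":
    for job in uncovered_tasks(SAMPLE_LOG, SAMPLE_SCRIPT):
        print("not in CFScript:", job)
    for exe, count in jobs_per_target(SAMPLE_LOG).most_common():
        print(f"{count:3d} job(s) -> {exe}")
```

Run over the full log and script in this thread, the same comparison reports At20.job and At120.job, which appear in the log's task list but not in the script.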


Posted by the topic author: 22.02.2008 16:26

ComboFix 08-02-22.2 - Aďka 2008-02-22 16:20:00.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.162 [GMT 1:00]
Running from: C:\Documents and Settings\Aďka\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aďka\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\DefLib.sys

.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-22 15:18 . 2008-02-22 15:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-29 09:57 . 2008-01-29 09:59 <DIR> d-------- C:\Program Files\Eurotran XP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 17:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-17 17:29 --------- d-----w C:\Program Files\Java
2008-01-17 17:26 --------- d-----w C:\Program Files\Common Files\Java
2008-01-12 19:32 46,080 ----a-w C:\WINDOWS\system32\makehm.exe
2008-01-07 14:09 506,920 ----a-w C:\WINDOWS\system32\w32sys15.exe
2008-01-07 14:09 46,080 ----a-w C:\WINDOWS\system32\deviceemulator.exe
2007-12-28 19:16 3,335 --sha-r C:\WINDOWS\system32\msvc32.dll
2007-12-28 19:14 46,080 ----a-w C:\WINDOWS\system32\i386kd.exe
2007-06-16 22:46 18,048 ----a-w C:\Documents and Settings\Aďka\Data aplikací\GDIPFONTCACHEV1.DAT
2007-07-24 15:06 19,968 --sha-r C:\WINDOWS\system32\crvdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 16:01 516096]
"SiSPower"="SiSPower.dll" [2004-11-12 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-17 14:49 389632 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-17 14:49 100352]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-17 14:42 44544]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 17:47]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 17:48]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 06:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
S2 cb57837832;Mi841022t Windows Browser Servce;C:\WINDOWS\System32\svchost.exe [2008-02-21 18:10]
S2 sb77730532;Wi658060Shell Control Servic;C:\WINDOWS\System32\svchost.exe [2008-02-21 18:10]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 22:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cb57837832
sb77730532

.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 16:22:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-22 16:23:33
ComboFix-quarantined-files.txt 2008-02-22 15:23:24
ComboFix2.txt 2008-02-22 14:14:21


Thank you


Experienced user
Registered: 22.03.07
Last login: 23.06.23
Posts: 2096
Topics: 15
Location: Bratislava V
Posted: 22.02.2008 16:27

In addition to the previous, also add C:\WINDOWS\system32\crvdll.dl (to be safe, I would also delete the files associated with the tasks).


Deleted user
Posted: 22.02.2008 16:32

So, once more :D somehow it didn't work the first time :D

To start:
Open Notepad: Start > Run, type notepad > OK.
Copy the code into Notepad, then save the file under the name CFScript.txt on the desktop next to ComboFix.
And then do this:

Code:
File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At100.job
C:\WINDOWS\Tasks\At101.job
C:\WINDOWS\Tasks\At102.job
C:\WINDOWS\Tasks\At103.job
C:\WINDOWS\Tasks\At104.job
C:\WINDOWS\Tasks\At105.job
C:\WINDOWS\Tasks\At106.job
C:\WINDOWS\Tasks\At107.job
C:\WINDOWS\Tasks\At108.job
C:\WINDOWS\Tasks\At109.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At110.job
C:\WINDOWS\Tasks\At111.job
C:\WINDOWS\Tasks\At112.job
C:\WINDOWS\Tasks\At113.job
C:\WINDOWS\Tasks\At114.job
C:\WINDOWS\Tasks\At115.job
C:\WINDOWS\Tasks\At116.job
C:\WINDOWS\Tasks\At117.job
C:\WINDOWS\Tasks\At118.job
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At121.job
C:\WINDOWS\Tasks\At122.job
C:\WINDOWS\Tasks\At123.job
C:\WINDOWS\Tasks\At124.job
C:\WINDOWS\Tasks\At125.job
C:\WINDOWS\Tasks\At126.job
C:\WINDOWS\Tasks\At127.job
C:\WINDOWS\Tasks\At128.job
C:\WINDOWS\Tasks\At129.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At130.job
C:\WINDOWS\Tasks\At131.job
C:\WINDOWS\Tasks\At132.job
C:\WINDOWS\Tasks\At133.job
C:\WINDOWS\Tasks\At134.job
C:\WINDOWS\Tasks\At135.job
C:\WINDOWS\Tasks\At136.job
C:\WINDOWS\Tasks\At137.job
C:\WINDOWS\Tasks\At138.job
C:\WINDOWS\Tasks\At139.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At140.job
C:\WINDOWS\Tasks\At141.job
C:\WINDOWS\Tasks\At142.job
C:\WINDOWS\Tasks\At143.job
C:\WINDOWS\Tasks\At144.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At73.job
C:\WINDOWS\Tasks\At74.job
C:\WINDOWS\Tasks\At75.job
C:\WINDOWS\Tasks\At76.job
C:\WINDOWS\Tasks\At77.job
C:\WINDOWS\Tasks\At78.job
C:\WINDOWS\Tasks\At79.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At80.job
C:\WINDOWS\Tasks\At81.job
C:\WINDOWS\Tasks\At82.job
C:\WINDOWS\Tasks\At83.job
C:\WINDOWS\Tasks\At84.job
C:\WINDOWS\Tasks\At85.job
C:\WINDOWS\Tasks\At86.job
C:\WINDOWS\Tasks\At87.job
C:\WINDOWS\Tasks\At88.job
C:\WINDOWS\Tasks\At89.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At90.job
C:\WINDOWS\Tasks\At91.job
C:\WINDOWS\Tasks\At92.job
C:\WINDOWS\Tasks\At93.job
C:\WINDOWS\Tasks\At94.job
C:\WINDOWS\Tasks\At95.job
C:\WINDOWS\Tasks\At96.job
C:\WINDOWS\Tasks\At97.job
C:\WINDOWS\Tasks\At98.job
C:\WINDOWS\Tasks\At99.job
C:\WINDOWS\system32\crvdll.dl


Then paste the log here again.


User
Registered: 24.09.06
Last login: 09.03.22
Posts: 123
Topics: 33
Location: Bratislava
Posted by the thread author: 22.02.2008 16:42

ComboFix 08-02-22.2 - Aďka 2008-02-22 16:37:50.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.153 [GMT 1:00]
Running from: C:\Documents and Settings\Aďka\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aďka\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-22 15:18 . 2008-02-22 15:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-29 09:57 . 2008-01-29 09:59 <DIR> d-------- C:\Program Files\Eurotran XP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 17:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-17 17:29 --------- d-----w C:\Program Files\Java
2008-01-17 17:26 --------- d-----w C:\Program Files\Common Files\Java
2008-01-12 19:32 46,080 ----a-w C:\WINDOWS\system32\makehm.exe
2008-01-07 14:09 506,920 ----a-w C:\WINDOWS\system32\w32sys15.exe
2008-01-07 14:09 46,080 ----a-w C:\WINDOWS\system32\deviceemulator.exe
2007-12-28 19:16 3,335 --sha-r C:\WINDOWS\system32\msvc32.dll
2007-12-28 19:14 46,080 ----a-w C:\WINDOWS\system32\i386kd.exe
2007-06-16 22:46 18,048 ----a-w C:\Documents and Settings\Aďka\Data aplikací\GDIPFONTCACHEV1.DAT
2007-07-24 15:06 19,968 --sha-r C:\WINDOWS\system32\crvdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 16:01 516096]
"SiSPower"="SiSPower.dll" [2004-11-12 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-17 14:49 389632 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-17 14:49 100352]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-17 14:42 44544]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 17:47]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 17:48]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 06:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
S2 cb57837832;Mi841022t Windows Browser Servce;C:\WINDOWS\System32\svchost.exe [2008-02-21 18:10]
S2 sb77730532;Wi658060Shell Control Servic;C:\WINDOWS\System32\svchost.exe [2008-02-21 18:10]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 22:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cb57837832
sb77730532

.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 22:00:30 C:\WINDOWS\Tasks\At120.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 16:40:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-22 16:41:01
ComboFix-quarantined-files.txt 2008-02-22 15:40:46
ComboFix2.txt 2008-02-22 15:23:34
ComboFix3.txt 2008-02-22 14:14:21


Posted: 22.02.2008 16:49

..I have to run to work, let Br4no fill in for me..thanx..


Posted: 22.02.2008 16:50

Omg, I regret that I still haven't learned to use grep.


Posted by the topic author: 22.02.2008 16:53

br4n0 wrote:
Omg, I regret that I still haven't learned to use grep.


???


Posted: 22.02.2008 17:09

Majko wrote:
???


http://cs.wikipedia.org/wiki/Grep :rolleyes:







Posted: 22.02.2008 17:33

OK, now copy this into Avenger as well:

Code:
files to delete:
C:\WINDOWS\system32\crvdll.dll
C:\WINDOWS\system32\makehm.exe
C:\WINDOWS\system32\w32sys15.exe
C:\WINDOWS\system32\deviceemulator.exe
C:\WINDOWS\system32\msvc32.dll
C:\WINDOWS\system32\i386kd.exe
C:\Documents and Settings\Aďka\Data aplikací\GDIPFONTCACHEV1.DAT
C:\WINDOWS\Tasks\At120.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\system32\6Ff04X5y.exe
C:\WINDOWS\system32\o13oIC41.exe
C:\WINDOWS\system32\Wv22YBn3.exe
C:\WINDOWS\system32\Y866f04y.exe
C:\WINDOWS\system32\b33r06hF.exe
C:\WINDOWS\system32\521a54HY.exe


Posted by the topic author: 22.02.2008 17:52

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\grmpqola

*******************

Script file located at: \??\C:\Program Files\niwdsahr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\crvdll.dll deleted successfully.
File C:\WINDOWS\system32\makehm.exe deleted successfully.
File C:\WINDOWS\system32\w32sys15.exe deleted successfully.
File C:\WINDOWS\system32\deviceemulator.exe deleted successfully.
File C:\WINDOWS\system32\msvc32.dll deleted successfully.
File C:\WINDOWS\system32\i386kd.exe deleted successfully.
File C:\Documents and Settings\Aďka\Data aplikací\GDIPFONTCACHEV1.DAT deleted successfully.
File C:\WINDOWS\Tasks\At120.job deleted successfully.
File C:\WINDOWS\Tasks\At20.job deleted successfully.


File C:\WINDOWS\system32\6Ff04X5y.exe not found!
Deletion of file C:\WINDOWS\system32\6Ff04X5y.exe failed!

Could not process line:
C:\WINDOWS\system32\6Ff04X5y.exe
Status: 0xc0000034

File C:\WINDOWS\system32\o13oIC41.exe deleted successfully.
File C:\WINDOWS\system32\Wv22YBn3.exe deleted successfully.
File C:\WINDOWS\system32\Y866f04y.exe deleted successfully.
File C:\WINDOWS\system32\b33r06hF.exe deleted successfully.
File C:\WINDOWS\system32\521a54HY.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Posted: 22.02.2008 18:59

Good, now try SDFix as well, to see whether it finds anything else. And definitely install some AV; I recommend AntiVir PE.


Last edited by br4n0 on 22.02.2008 19:24; edited 1 time in total

Posted by the topic author: 22.02.2008 19:24

br4n0 wrote:
Good, now try SDFix as well, to see whether it finds anything else.



and which version should I follow? in safe mode or the other one?


Posted: 22.02.2008 19:25

In safe mode.


Posted by the topic author: 22.02.2008 19:26

ok, I'm on it.


Posted by the topic author: 22.02.2008 19:33

it doesn't work for me, when I press F8 the window with the safe mode option doesn't come up


Posted: 22.02.2008 19:42

Try pressing it earlier.


Posted by the topic author: 22.02.2008 20:00

SDFix: Version 1.144

Run by Aďka on pá 22.02.2008 at 19:49

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\DOCUME~1\AKA~1\Plocha\SDFix

Checking Services:

Name:
cb57837832
sb77730532

Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs

cb57837832 - Deleted
sb77730532 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\form.txt - Deleted
C:\WINDOWS\system32\windows_log.txt - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 19:55:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:


File Backups: - C:\DOCUME~1\AKA~1\Plocha\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 28 Dec 2007 1,094 A.SHR --- "C:\WINDOWS\system32\stanby.reg"

Finished!

