Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Zpráva

Andyman · #16 Příspěvek od **Andyman** » 04 led 2010 11:49

Log z Avengeru

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\atapi.sys|c:\windows\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Andyman · #17 Příspěvek od **Andyman** » 04 led 2010 11:55

Log z Dr. Web

-----------------------------------------------------------------------------
Kontrolné štatistiky
-----------------------------------------------------------------------------
Skontrolované objekty: 506091
Infikované: 3
Modifikované: 0
Podozrivé: 5
Reklamné klienty: 0
Vytáčacie programy: 0
Žartovné (neškodné) programy: 0
Riskantné programy: 0
Hackerské programy: 0
Vyliečené: 0
Vymazané: 2
Premenované: 0
Presunuté: 1
Ignorované: 0
Rýchlosť kontroly: 21 Kb/s
Čas kontroly: 07:58:13
-----------------------------------------------------------------------------

#18 Příspěvek od **motji** » 04 led 2010 11:56

Spustte znovu combofix

Andyman · #19 Příspěvek od **Andyman** » 04 led 2010 14:50

Z umiestnenia Tento počítač mi zmizla ikona Moje dokumenty

#20 Příspěvek od **motji** » 04 led 2010 15:03

myslíte po použití combofixu, nebo kdy?

Andyman · #21 Příspěvek od **Andyman** » 04 led 2010 15:29

Po použitý Dr. Web, môže to byť tým, že dal nejaké súbory do karantény ?

Log z Combofix-u

ComboFix 10-01-01.05 - Andy 04.01.2010 14:58:32.3.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2039.1549 [GMT 1:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
---- Previous Run -------
.
c:\program files\pdfforge Toolbar\config.ini
c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\windows\system32\drivers\bdibcimivbeqvncc.sys
c:\windows\system32\drivers\etepoqycrprrdsts.sys

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-04 11:00 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-01-04 10:59 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-01-04 10:59 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-01-04 10:59 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-01-04 10:58 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-01-04 10:58 . 2010-01-04 10:58 -------- d-----w- c:\program files\Daniusoft
2010-01-04 10:42 . 2010-01-04 10:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-04 10:37 . 2010-01-04 10:37 574 ----a-w- C:\cleanup.bat
2010-01-04 10:37 . 2010-01-04 10:37 135168 ----a-w- C:\zip.exe
2010-01-02 20:27 . 2010-01-03 21:20 -------- d-----w- c:\documents and settings\Andy\DoctorWeb
2010-01-01 16:24 . 2010-01-01 16:24 -------- d-----w- c:\program files\Acclaim Entertainment
2010-01-01 16:24 . 1998-01-23 11:22 304128 ----a-w- c:\windows\IsUninst.exe
2009-12-31 11:08 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-12-31 11:04 . 2009-12-31 11:23 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-31 10:40 . 2009-12-31 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Recisio
2009-12-31 10:40 . 2009-12-31 11:28 -------- d-----w- c:\program files\KaraFun
2009-12-29 18:47 . 2009-12-29 18:48 -------- d-----w- C:\DCPARTE
2009-12-29 11:06 . 2000-03-29 21:00 125440 ----a-w- c:\windows\system32\UNZDLL.DLL
2009-12-29 11:06 . 1999-05-21 20:10 129024 ----a-w- c:\windows\system32\ZIPDLL.DLL
2009-12-29 11:06 . 2009-12-29 11:06 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-12-28 19:01 . 2009-12-28 19:01 53760 ----a-w- c:\documents and settings\Andy\Application Data\Thinstall\Microsoft Office Professional Plus 2007\1000000be00002i\helpctr.exe
2009-12-28 19:01 . 2009-12-28 19:01 53760 ----a-w- c:\documents and settings\Andy\Application Data\Thinstall\Microsoft Office Professional Plus 2007\1000000c00002i\MSInfo32.exe
2009-12-28 15:20 . 2009-12-28 15:21 -------- d-----w- c:\program files\RM Downloader
2009-12-27 13:39 . 2009-12-27 13:39 -------- d-----w- c:\program files\DriverGuide DriverScan
2009-12-25 11:02 . 2009-12-25 11:03 -------- d-----w- C:\rsit
2009-12-25 11:02 . 2009-12-25 11:02 -------- d-----w- c:\program files\trend micro
2009-12-25 10:54 . 2009-12-25 10:54 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-23 16:13 . 2009-12-23 16:13 -------- d-----w- c:\program files\HD Tune
2009-12-22 18:05 . 2009-12-22 18:05 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-12-22 18:05 . 2009-12-22 18:05 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-12-22 18:05 . 2009-12-22 18:05 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-12-22 18:05 . 2009-12-22 18:05 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-12-22 18:05 . 2009-12-22 18:05 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-12-22 18:04 . 2009-12-22 18:04 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-22 18:04 . 2009-12-22 18:04 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-22 18:04 . 2009-12-22 18:04 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-22 18:04 . 2009-12-22 18:04 59920 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-22 18:04 . 2009-12-22 18:04 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-22 18:04 . 2009-12-22 18:04 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-22 18:00 . 2009-12-22 18:00 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-12-22 17:57 . 2009-12-22 18:04 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-22 17:57 . 2009-12-22 18:04 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-22 17:56 . 2010-01-04 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-22 17:56 . 2009-12-22 17:56 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-20 15:24 . 2009-12-20 15:24 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\Thinstall
2009-12-19 16:23 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-19 16:23 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-15 21:30 . 2009-12-15 21:30 -------- d-----w- c:\program files\Tunatic
2009-12-15 14:44 . 2009-12-15 14:44 -------- d-----w- c:\documents and settings\Andy\Application Data\omnitrans
2009-12-15 12:11 . 2009-12-22 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-14 22:43 . 2010-01-01 17:20 -------- d-sh--w- c:\documents and settings\Andy\Phone Browser
2009-12-13 14:51 . 2009-12-13 14:51 -------- d-----w- c:\program files\Omnitrans International
2009-12-11 13:27 . 2009-12-11 13:27 -------- d-----w- c:\program files\KGB Archiver 2
2009-12-09 18:38 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-06 17:34 . 2009-12-06 17:34 -------- d-----w- c:\program files\Aspect one

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 13:36 . 2009-07-28 14:46 -------- d-----w- c:\documents and settings\Andy\Application Data\vlc
2010-01-04 12:54 . 2009-02-20 14:02 -------- d-----w- c:\documents and settings\Andy\Application Data\uTorrent
2010-01-03 19:28 . 2009-06-04 10:46 -------- d-----w- c:\program files\eTECH
2010-01-01 17:20 . 2009-02-18 12:59 -------- d-----w- c:\documents and settings\Andy\Application Data\PC Suite
2009-12-31 11:24 . 2009-11-08 11:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-29 21:21 . 2009-03-27 15:43 -------- d-----w- c:\documents and settings\Andy\Application Data\dvdcss
2009-12-29 20:41 . 2009-05-23 10:02 -------- d-----w- c:\documents and settings\Andy\Application Data\Canon
2009-12-29 10:48 . 2009-02-14 12:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-28 19:28 . 2009-02-16 17:06 -------- d-----w- c:\documents and settings\Andy\Application Data\Skype
2009-12-28 16:23 . 2006-06-24 01:13 114688 ----a-w- c:\windows\system32\liclock.dll
2009-12-22 17:52 . 2009-02-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-22 16:40 . 2009-02-28 20:45 237568 ----a-w- c:\windows\system32\winping.exe
2009-12-22 16:40 . 2009-02-28 20:45 397379 ----a-w- c:\windows\system32\paqbonus.exe
2009-12-22 13:20 . 2009-02-23 22:12 -------- d-----w- c:\program files\Mobiola Web Camera 2 for S60 3rd Edition
2009-12-20 15:24 . 2009-11-09 14:01 -------- d-----w- c:\documents and settings\Andy\Application Data\Thinstall
2009-12-19 16:14 . 2009-05-23 10:02 -------- d-----w- c:\program files\Canon
2009-12-19 16:14 . 2009-02-14 11:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-15 13:12 . 2009-02-14 11:42 135144 ----a-w- c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-15 13:08 . 2009-02-14 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-07 21:07 . 2009-02-16 17:12 -------- d-----w- c:\documents and settings\Andy\Application Data\skypePM
2009-12-04 13:58 . 2009-02-27 12:46 -------- d-----w- c:\program files\Java
2009-12-04 13:57 . 2009-12-04 13:57 152576 ----a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 13:57 . 2009-12-04 13:57 79488 ----a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-01 00:19 . 2009-03-31 16:35 -------- d-----w- c:\documents and settings\Andy\Application Data\U3
2009-11-28 08:56 . 2009-02-14 19:05 -------- d-----w- c:\program files\Opera
2009-11-22 15:28 . 2009-11-22 15:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-22 12:43 . 2009-02-18 19:41 -------- d-----w- c:\program files\BatteryBar
2009-11-22 12:43 . 2009-02-18 19:41 -------- d-----w- c:\documents and settings\Andy\Application Data\BatteryBar
2009-11-22 11:48 . 2009-11-22 11:48 -------- d-----w- c:\documents and settings\Andy\Application Data\Vectir
2009-11-22 11:43 . 2009-11-22 11:43 -------- d-----w- c:\program files\Vectir
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 22:30 . 2009-11-03 22:41 996984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-11 20:02 . 2009-11-11 20:02 -------- d-----w- c:\program files\directx
2009-11-11 16:34 . 2009-08-11 13:39 -------- d-----w- c:\program files\4shared.com
2009-11-10 13:36 . 2009-05-11 16:20 -------- d-----w- c:\documents and settings\Andy\Application Data\Winamp
2009-11-09 14:01 . 2009-11-09 14:01 8704 ----a-w- c:\documents and settings\Andy\Application Data\Thinstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\40000060300002h\_Alcohol.exe
2009-11-07 12:16 . 2009-02-25 20:13 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-07 11:31 . 2009-11-07 11:31 -------- d-----w- c:\program files\Common Files\RedSpark Shared
2009-11-07 11:24 . 2009-11-07 11:24 -------- d-----w- c:\program files\Autodesk
2009-10-29 07:45 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-28 08:33 . 2009-02-14 11:35 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-10-28 08:28 . 2009-10-28 08:28 247296 ----a-w- c:\documents and settings\Andy\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_d_ind.dll
2009-10-28 08:28 . 2009-10-28 08:28 247296 ----a-w- c:\documents and settings\Andy\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_c_ind.dll
2009-10-28 08:28 . 2009-10-28 08:28 247296 ----a-w- c:\documents and settings\Andy\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_b_ind.dll
2009-10-28 08:28 . 2009-10-28 08:28 247296 ----a-w- c:\documents and settings\Andy\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_a_ind.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-02-28 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 03:17 . 2009-02-27 12:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-02-28 12:00 . 2009-02-14 12:13 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-05-31 3158016]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-23 2582288]
"PhilipsLime"="c:\program files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2006-06-09 159744]
"MzRamBooster"="c:\program files\MzRam\MzRamBooster.exe" [2009-05-15 194560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-16 39408]
"Google Update"="c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-24 133104]
"Vectir"="c:\program files\Vectir\Vectir.exe" [2008-03-18 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-26 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-12 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-26 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-17 815104]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-03-05 677408]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-11-13 851968]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-02-14 33136]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-07-13 651264]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-07-13 1337344]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [BU]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-16 122368]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]
Canon LBP3200 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP4LAK.EXE [2009-3-15 30720]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Andy\\My Documents\\VLCPortable\\App\\vlc\\vlc.exe"=
"c:\\Documents and Settings\\Andy\\My Documents\\Nový priečinok\\DC++\\StrongDC.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Phone Remote Control\\PhoneRemoteControl.exe"=
"c:\\Documents and Settings\\Andy\\My Documents\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [17.2.2009 15:14 5248]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [30.1.2007 21:07 39080]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [23.3.2009 19:07 1382672]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [16.2.2009 17:07 222456]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 18:31 42000]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.2.2009 12:30 36608]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.5.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.5.2009 20:59 19472]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [4.1.2010 11:58 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [4.1.2010 11:59 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [4.1.2010 11:59 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [4.1.2010 11:59 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [4.1.2010 12:00 25704]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [17.2.2009 15:14 160640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 TEUSBAVCAP;USB AV4CH Capture;c:\windows\system32\drivers\U3104AVCap.sys [25.9.2009 9:43 73472]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2009-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-606747145-725345543-1004Core.job
- c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 12:22]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-606747145-725345543-1004UA.job
- c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\8t5423nd.default\
FF - component: c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\8t5423nd.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\8t5423nd.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\8t5423nd.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\NPSWF32_back.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
BHO-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9C1EC2BA3B63FC1690A227E97A2EC579ED27AFD839CC6CD11E336FBD1A049AA84ED1124ED429DB4785D2707FED7A0EBD81B27D5C410535FE6805EE62D699988BC772CC798DD62B29E54ABCF4963B47B3669F2D24FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74C9DB7CE019D40AA5CACECAF4D34B19C002A3F5E5371FA61DD7B4241719884C932128D508F820E93BEBF6A7A814E696556AC6BDFD8778F7275A115DEBA5053F45C1E11F0493B216A49447AD6223ECB2C330E2C95E8E16B5625D72D435DE4CA771839252287B8E8986AAC658C7555830FE305793702D53AA4C2BBD4B2B1703786E10704D41BAAF3116ABFF55BE2F7025C191ED06C458F6EA888BD5A64B2212C0B9EFAECECF75696F9F698FCF17721FA1968B7B3D5F8DBBCE416A28F01003C0024176021C23593672E9EA64D7665DC67FA4B08A403089D1F8C6D81492ADA984B22F3D4E8220FCEC1BB57ABBE017F4C82ED1F94ACFBFDC9D28975C9E172AB21ED8AC6C98D4BE688C5E5773FAD1F41A5CC12A53AD9B90EEC57F5F6BA365FFB55889782045FF0BD5454A2BDCA7853C4B089BA83293CAA0FA37224A169A8ED7C4882367D2030BCBD5A171CC98E038F4DCC426FC264E7B079A0AD99073F1E8C7E2105877409D54BB2D7F6319F9DB53FBE69C26BD14376A1EBAAD60D9D77019CF91B7E6286812BA98A1DA475A75D7C3EA20D9A9E7F7383C7A71CFD6BC1253FF6870622CF3620115EDB0E132E2D08C65FA4509EAC8272B0611462F7D42F2B49E569C4E40CEBCC66E15DA2F8D6E2AE866595E0E66D7595A220B800601F8AC215A9014F810AF248959DE9E6D01DDCB2B50AEBFE4F6AD404012AC50B9152D7F81EF3D42F75EEF921867303FB5B6312CACE7AC08077E48039F8990CAEADA983AD5FEB10858394153FA9374C951B405F02D0584FD04450C0863B7B81A81A96DB975C2C818431883B5BF0B10D7C567F85B7C138F8E95ED4BC8DFCD3C0CB80BE12BD1A459D74C90BC803D11D310C1A1EA89EA6A3C25EB04C02477596867CCCF93C7DA1397830DA927B1A4AAA4936335052BB0D95D5546C47837FE2AF353830D35608817E4E26364AF7D3D47D887DB67AEC6B03817F8384099556847BD20AA08DBEE0CB027FDA710C463BF62FC6FA7BB84B5C1ECBAF3AB288713E20CC0916579BB6E294218CE4686C4F2EB64A80DA1CD91F91F34CFBD97173357FFEE92791D1A7E4B8F62F1E6F38B0655E9E50D6DCF6DD036121519C5782A661B76B8C1D48500B54E38FF37D394350BA503DB28A57B17E71F5C59C6F3C69375D543863019657D9F33A01A91B97AFFA6560A45C85AF3024CCCF05E0F4A4EDEBEF19B88E8E7031579463EFFE896FE712E23A6CA854"
.
Completion time: 2010-01-04 15:18:05
ComboFix-quarantined-files.txt 2010-01-04 14:18
ComboFix2.txt 2009-12-27 22:01

Pre-Run: 92 835 958 784 bytes free
Post-Run: 26 adresárov, 92 869 603 328 voľných bajtov

- - End Of File - - CAB02827DD834C04E006671F20122975

#22 Příspěvek od **motji** » 04 led 2010 16:36

Pokud je to jen ikona a ne celá složka, tak to jde. Pak to opravíme

.

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t
ok

vytvoří se log s názvem mbr.log, vložte ho zde

Andyman · #23 Příspěvek od **Andyman** » 04 led 2010 17:18

V programe SPTD mi nejde dat uninstall. Mam tam len install a cancel. Alcohol je odinštalovaný. Reštartoval som aj pc.

#24 Příspěvek od **motji** » 04 led 2010 18:35

pokračujte gmerem

Andyman · #25 Příspěvek od **Andyman** » 06 led 2010 17:45

Gmer som spúšťal asi 3 krát a vždy mi zamrzol počítač. Ten prvý log mi spravilo, ale keď som dal ďalší scan tak mi zamrzol.

#26 Příspěvek od **motji** » 06 led 2010 22:03

Můžu vidět ten první log?

start-spustit
do okénka zkopírujte

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

Andyman · #27 Příspěvek od **Andyman** » 07 led 2010 13:07

Prvý log z Gmer - u

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-04 19:19:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Andy\LOCALS~1\Temp\kxrdqpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA7B13E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA7B13EE4]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Log z MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#28 Příspěvek od **motji** » 07 led 2010 13:35

Ten mbr spustte takto:
start - spustit - napsat
"%userprofile%\plocha\mbr" -t

Jak to ted vypadá s počítačem?

Stáhněte
http://rootrepeal.googlepages.com/RootRepeal.zip
-Stáhněte,rozbalte a spusťte
-vyberte záložku Files, klikněte na Scan,
-proběhne sken, po něm klikněte na Save Report , tím se uloží log, který zkopírujete sem

-postupně vyberte všechny záložky a udělejte skeny.

Andyman · #29 Příspěvek od **Andyman** » 07 led 2010 15:34

Log z MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

#30 Příspěvek od **motji** » 07 led 2010 21:44

Rootrepeal taky zlobí?

VIRY.CZ

Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3

Re: Nejdú zobraziť skryté súbory a priečinky windows xp sp3