VIRY.CZ

Mam tento vir a neda sa liecit. Prosim niekoho o pomoc ako to mam vyliecit. Nevyznam sa velmi do toho. Mam NOD 32.
Robi mi to take veci zatial ze mam spomaleny PC a zacto ho musim restartovat. Dakujem krasne za pomoc

urobila som to , co dalej? tu je vysledok:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-04 18:35:29
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\MILAN\LOCALS~1\Temp\kfeyakow.sys

---- System - GMER 1.0.15 ----

SSDT 88AD2A70 ZwAssignProcessToJobObject
SSDT spnw.sys ZwCreateKey [0xF74D70E0]
SSDT 88AD35F0 ZwDebugActiveProcess
SSDT 88AD3020 ZwDuplicateObject
SSDT spnw.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spnw.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spnw.sys ZwOpenKey [0xF74D70C0]
SSDT 88AD21B0 ZwOpenProcess
SSDT 88AD24B0 ZwOpenThread
SSDT 88AD2EB0 ZwProtectVirtualMemory
SSDT spnw.sys ZwQueryKey [0xF74F6108]
SSDT spnw.sys ZwQueryValueKey [0xF74F5F88]
SSDT 88AD2D50 ZwSetContextThread
SSDT 88AD2BD0 ZwSetInformationThread
SSDT 88ACFA90 ZwSetSecurityObject
SSDT spnw.sys ZwSetValueKey [0xF74F619A]
SSDT 88AD2910 ZwSuspendProcess
SSDT 88AD27B0 ZwSuspendThread
SSDT 88AD2340 ZwTerminateProcess
SSDT 88AD2640 ZwTerminateThread
SSDT 88AD3440 ZwWriteVirtualMemory

INT 0x63 ? 89DFFF00
INT 0x63 ? 89DFFF00
INT 0x63 ? 89DFFF00
INT 0x83 ? 89DFFF00
INT 0x83 ? 89DFFF00
INT 0xA4 ? 89DFFF00
INT 0xB4 ? 8A08BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spnw.sys Systém nemôže nájsť zadaný súbor. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB7264000, 0x189FCA, 0xE8000020]
.text USBPORT.SYS!DllUnload B70C562C 5 Bytes JMP 89DFF4E0
.text aw5hvbgh.SYS B7019386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aw5hvbgh.SYS B70193AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aw5hvbgh.SYS B70193C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aw5hvbgh.SYS B70193C9 1 Byte [2E]
.text aw5hvbgh.SYS B70193C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1356] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A08A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\NetBT \Device\NetBT_Tcpip_{F70FB1E9-D7C0-4FBE-B493-0AC02314F38B} 89CD2500

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 89DDB1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A01C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A01C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A01C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A01C1F8
Device \Driver\usbohci \Device\USBPDO-1 89DDB1F8
Device \Driver\PCI_PNP6140 \Device\00000045 spnw.sys
Device \Driver\PCI_PNP6140 \Device\00000045 spnw.sys
Device \Driver\usbohci \Device\USBPDO-2 89DDB1F8
Device \Driver\usbehci \Device\USBPDO-3 89DB31F8
Device \Driver\usbohci \Device\USBPDO-4 89DDB1F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\usbohci \Device\USBPDO-5 89DDB1F8
Device \Driver\usbehci \Device\USBPDO-6 89DB31F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A08C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A08C1F8
Device \Driver\Cdrom \Device\CdRom0 89E011F8
Device \Driver\Cdrom \Device\CdRom1 89E011F8
Device \Driver\atapi \Device\Ide\IdePort0 8A08B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A08B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A08B1F8
Device \Driver\atapi \Device\Ide\IdePort2 8A08B1F8
Device \Driver\atapi \Device\Ide\IdePort3 8A08B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A08B1F8
Device \Driver\sptd \Device\2714201140 spnw.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{32C6E991-9152-4666-8998-E8B45257BA55} 89CD2500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89CD2500
Device \Driver\NetBT \Device\NetbiosSmb 89CD2500
Device \Driver\usbohci \Device\USBFDO-0 89DDB1F8
Device \Driver\usbohci \Device\USBFDO-1 89DDB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89CD1500
Device \Driver\usbehci \Device\USBFDO-2 89DB31F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89CD1500
Device \Driver\usbohci \Device\USBFDO-3 89DDB1F8
Device \Driver\usbohci \Device\USBFDO-4 89DDB1F8
Device \Driver\Ftdisk \Device\FtControl 8A08C1F8
Device \Driver\usbehci \Device\USBFDO-5 89DB31F8
Device \Driver\usbohci \Device\USBFDO-6 89DDB1F8
Device \Driver\aw5hvbgh \Device\Scsi\aw5hvbgh1 89C761F8
Device \Driver\aw5hvbgh \Device\Scsi\aw5hvbgh1Port4Path0Target0Lun0 89C761F8
Device \FileSystem\Cdfs \Cdfs 89C35370

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0xAA 0x51 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x01 0x6F 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7E 0x8D 0x0E 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0xAA 0x51 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x01 0x6F 0x63 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7E 0x8D 0x0E 0x70 ...

---- EOF - GMER 1.0.15 ----

a ako mam zistit kde mam ten virus?

ComboFix 10-02-03.08 - MILAN 04.02.2010 18:59:39.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2815.2425 [GMT 1:00]
Running from: c:\documents and settings\MILAN\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MILAN\Application Data\wiaserva.log
c:\documents and settings\MILAN\Favorites\Cheap Software.url
c:\documents and settings\MILAN\Favorites\MP3 Download.url
c:\documents and settings\MILAN\Start Menu\Cheap Software.url
c:\documents and settings\MILAN\Start Menu\MP3 Download.url
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\temp\00F17D93.exe
c:\windows\temp\0BBE3345.exe
c:\windows\temp\35FCCD74.exe
c:\windows\temp\3D31DD68.exe
c:\windows\temp\4CFD9D57.exe
c:\windows\temp\5018446C.exe
c:\windows\temp\7AB63E4B.exe
c:\windows\temp\7FE03748.exe
c:\windows\temp\84DB8B63.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-03 22:21 . 2010-02-03 22:29 -------- d-----w- C:\Season 1
2010-02-03 11:15 . 2010-02-03 11:15 -------- d-----w- c:\program files\ESET
2010-01-30 20:20 . 2010-01-30 20:56 -------- d-----w- C:\The Time Travelers Wife [2009] DVDRip XviD-iMBT
2010-01-05 18:53 . 2010-01-05 18:53 37873535 ----a-w- C:\370567776 monika.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 18:01 . 2009-03-12 22:01 -------- d-----w- c:\program files\ICQ6.5
2010-02-04 16:15 . 2009-08-29 16:25 0 ----a-w- c:\windows\system32\drivers\48a57576.sys
2010-01-18 11:47 . 2008-11-03 20:47 -------- d-----w- c:\documents and settings\MILAN\Application Data\ICQ
2010-01-08 15:30 . 2009-11-23 12:56 -------- d-----w- c:\program files\AntikVirtualSTB
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\documents and settings\MILAN\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-01 19:06 . 2009-05-21 13:51 31570432 ----a-w- C:\eav_nt32_csy.msi
2009-11-23 13:00 . 2009-11-23 12:59 3296 ----a-w- c:\documents and settings\MILAN\Local Settings\Application Data\config.dat
2009-11-16 08:06 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
.

------- Sigcheck -------

[-] 2008-03-10 . DDD3D4AE703C7CEEE45041B58AE243FF . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 68856]
"Google Update"="c:\documents and settings\MILAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-26 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-10 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\MILAN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\MILAN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\AntikVirtualSTB\\AntikVirtualSTB.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 9:04 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.3.2009 23:02 222456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.11.2008 21:53 717296]
S1 43f84cfb;43f84cfb;c:\windows\system32\drivers\43f84cfb.sys [21.9.2009 22:14 0]
S1 48a57576;48a57576;c:\windows\system32\drivers\48a57576.sys [29.8.2009 17:25 0]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\1-Click Maintenance.job
- d:\tune up\SystemOptimizer.exe [2007-08-02 17:35]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-261478967-839522115-1003Core.job
- c:\documents and settings\MILAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 21:34]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-261478967-839522115-1003UA.job
- c:\documents and settings\MILAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 21:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
mStart Page = hxxp://home.sweetim.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\MILAN\Application Data\Mozilla\Firefox\Profiles\6i31ahgx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.topky.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\MILAN\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\MILAN\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-sysinit - c:\windows\sysinit.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 19:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-04 19:03:17
ComboFix-quarantined-files.txt 2010-02-04 18:03
ComboFix2.txt 2009-03-11 22:16

Pre-Run: 10 962 485 248 bytes free
Post-Run: 8 adresárov, 11 173 949 440 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /TUTag=R9Z9YG /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /fastdetect /NoExecute=OptIn /TUTag=R9Z9YG-BAK

- - End Of File - - 2948B56FF38C6CA0737A4C11F835FE79

prepac ale ja som do toho ozaj nerozumiem ked som dala testovat disk cez NOD tak mi to vyhodilo kde je to ale som zabudla

a ano ten subor antik poznam to je program na pozeranie TV.

vysledok:
File tcpip.sys received on 2010.02.04 20:14:45 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 1/39 (2.57%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.04 -
AhnLab-V3 5.0.0.2 2010.02.04 -
AntiVir 7.9.1.158 2010.02.04 -
Antiy-AVL 2.0.3.7 2010.02.04 -
Authentium 5.2.0.5 2010.02.04 -
Avast 4.8.1351.0 2010.02.04 -
AVG 9.0.0.730 2010.02.04 -
BitDefender 7.2 2010.02.04 -
CAT-QuickHeal 10.00 2010.02.04 -
ClamAV 0.96.0.0-git 2010.02.04 -
Comodo 3819 2010.02.04 -
DrWeb 5.0.1.12222 2010.02.04 -
eTrust-Vet 35.2.7283 2010.02.04 -
F-Prot 4.5.1.85 2010.02.04 -
F-Secure 9.0.15370.0 2010.02.04 -
Fortinet 4.0.14.0 2010.02.04 -
GData 19 2010.02.04 -
Ikarus T3.1.1.80.0 2010.02.04 -
Jiangmin 13.0.900 2010.02.04 -
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.04 -
McAfee 5882 2010.02.04 -
McAfee+Artemis 5882 2010.02.04 -
McAfee-GW-Edition 6.8.5 2010.02.04 Heuristic.BehavesLike.Win32.Packed.I
Microsoft 1.5406 2010.02.04 -
NOD32 4836 2010.02.04 -
Norman 6.04.03 2010.02.04 -
nProtect 2009.1.8.0 2010.02.04 -
Panda 10.0.2.2 2010.02.04 -
PCTools 7.0.3.5 2010.02.04 -
Prevx 3.0 2010.02.04 -
Rising 22.33.03.04 2010.02.04 -
Sophos 4.50.0 2010.02.04 -
Sunbelt 3.2.1858.2 2010.02.04 -
TheHacker 6.5.1.0.180 2010.02.04 -
TrendMicro 9.120.0.1004 2010.02.04 -
VBA32 3.12.12.1 2010.02.04 -
ViRobot 2010.2.4.2172 2010.02.04 -
VirusBuster 5.0.21.0 2010.02.04 -
Additional information
File size: 360832 bytes
MD5...: ddd3d4ae703c7ceee45041b58ae243ff
SHA1..: 2da6ac81cc2e60501e11151f5a7b0d8f1d111070
SHA256: 8e887c46599dd9c27713b3217421ed1cef0a6de9b685f9782a6eb71e126f1541
ssdeep: 6144:+FF+/3BWQhtys6EcQzPS0+wJjfnUaA63+VBVPBA4BhMV/17SkroLY:++/3o
QhtY0Srujf9AkyTP+V/JkY
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x50aa3
timedatestamp.....: 0x47276189 (Tue Oct 30 16:53:29 2007)
machinetype.......: 0x14c (I386)

to druhe mi pise :0 bytes size received / Se ha recibido un archivo vacio

a to tretie tiez:0 bytes size received / Se ha recibido un archivo vacio

neviem preco ale ten textovy subor mi nevyhodilo po tom co som to urobila, kazdopadne poslielam ten subor cely
http://leteckaposta.cz/552748354

a neviem ako je to mozne ale dnes som kontrolavala disk a nenaslo mi NIC napriek tomu mam dole na liste nieco take ako cerveny krizik a je tam ze centrum zabespecenia systemu windows. Ale uz celkovo to vyzera byt ok... je to ok?

moze byt?

ComboFix 10-02-04.07 - MILAN 05.02.2010 15:50:04.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2815.2176 [GMT 1:00]
Running from: c:\documents and settings\MILAN\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts

.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 12:57 . 2010-02-05 12:57 47696 ----a-w- C:\Food%2C+Inc.(0000143925).zip
2010-02-03 22:21 . 2010-02-03 22:29 -------- d-----w- C:\Season 1
2010-02-03 11:15 . 2010-02-03 11:15 -------- d-----w- c:\program files\ESET
2010-01-30 20:20 . 2010-01-30 20:56 -------- d-----w- C:\The Time Travelers Wife [2009] DVDRip XviD-iMBT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 00:03 . 2009-11-23 12:59 3296 ----a-w- c:\documents and settings\MILAN\Local Settings\Application Data\config.dat
2010-02-05 00:03 . 2009-11-23 12:56 -------- d-----w- c:\program files\AntikVirtualSTB
2010-02-04 18:01 . 2009-03-12 22:01 -------- d-----w- c:\program files\ICQ6.5
2010-02-04 16:15 . 2009-08-29 16:25 0 ----a-w- c:\windows\system32\drivers\48a57576.sys
2010-01-18 11:47 . 2008-11-03 20:47 -------- d-----w- c:\documents and settings\MILAN\Application Data\ICQ
2010-01-05 18:53 . 2010-01-05 18:53 37873535 ----a-w- C:\370567776 monika.zip
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\documents and settings\MILAN\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-01 19:06 . 2009-05-21 13:51 31570432 ----a-w- C:\eav_nt32_csy.msi
2009-11-16 08:06 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
.

------- Sigcheck -------

[-] 2008-03-10 . DDD3D4AE703C7CEEE45041B58AE243FF . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-02-04_18.02.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 11:52 . 2010-02-05 11:52 16384 c:\windows\temp\Perflib_Perfdata_b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 68856]
"Google Update"="c:\documents and settings\MILAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-26 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-10 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\MILAN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\MILAN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\AntikVirtualSTB\\AntikVirtualSTB.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 9:04 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.3.2009 23:02 222456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.11.2008 21:53 717296]
S1 43f84cfb;43f84cfb;c:\windows\system32\drivers\43f84cfb.sys [21.9.2009 22:14 0]
S1 48a57576;48a57576;c:\windows\system32\drivers\48a57576.sys [29.8.2009 17:25 0]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\1-Click Maintenance.job
- d:\tune up\SystemOptimizer.exe [2007-08-02 17:35]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-261478967-839522115-1003Core.job
- c:\documents and settings\MILAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 21:34]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-261478967-839522115-1003UA.job
- c:\documents and settings\MILAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 21:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
mStart Page = hxxp://home.sweetim.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\MILAN\Application Data\Mozilla\Firefox\Profiles\6i31ahgx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.topky.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\MILAN\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\MILAN\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 15:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(21044)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-05 15:53:47
ComboFix-quarantined-files.txt 2010-02-05 14:53
ComboFix2.txt 2010-02-04 18:03
ComboFix3.txt 2009-03-11 22:16

Pre-Run: 10 529 153 024 bytes free
Post-Run: 8 adresárov, 10 521 296 896 voľných bajtov

- - End Of File - - 4161A73413B14DB961695CCC51E2B446

Ahoj, zaskok za kolegu:

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
Driver::
ICQ Service
43f84cfb
48a57576

Rootkit::
c:\windows\system32\drivers\43f84cfb.sys
c:\windows\system32\drivers\48a57576.sys

Folder::
c:\program files\ICQ6Toolbar
c:\program files\SweetIM\Toolbars

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-

DDS::
mStart Page = hxxp://home.sweetim.com

FireFox::
FF - ProfilePath - c:\documents and settings\MILAN\Application Data\Mozilla\Firefox\Profiles\6i31ahgx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FCopy::
c:\windows\ServicePackFiles\i386\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Extra::

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

no neviem preco som to urobila ale nezobrazilo mi nove okno,

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "43f84cfb" deleted successfully.
Driver "48a57576" deleted successfully.
File "c:\windows\system32\drivers\43f84cfb.sys" deleted successfully.
File "c:\windows\system32\drivers\48a57576.sys" deleted successfully.

Error: file "c:\tcpip.sys" not found!
File move operation "c:\tcpip.sys|c:\windows\system32\drivers\tcpip.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

ospravedlnujem sa ze az teraz odpisujem ...
aky log?

Logfile of random's system information tool 1.06 (written by random/random)
Run by MILAN at 2010-02-10 13:41:50
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (26%) free of 20 GB
Total RAM: 2815 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:57, on 10.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MILAN\Desktop\RSIT.exe
C:\Program Files\trend micro\MILAN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14780&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MILAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9558 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-261478967-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-261478967-839522115-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-19 1144712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-05-19 1144712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-09 17021440]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-01-24 1208320]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-04-02 87336]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-02-22 62760]
"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-01-13 111928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"Power2GoExpress"=C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2008-03-18 2508072]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-01 68856]
"Google Update"=C:\Documents and Settings\MILAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-04-30 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"="C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\MILAN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\MILAN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\MILAN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\MILAN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\Program Files\WinSCP\WinSCP.exe"="C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:SFTP, FTP and SCP client"
"C:\Program Files\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Program Files\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-09 00:37:34 ----D---- C:\The Box (2009) BRRip LiNE AC3-WHiiZz
2010-02-08 15:54:40 ----D---- C:\Mega Dance Party 2009
2010-02-08 15:49:56 ----D---- C:\Hits Club Dance (2009)
2010-02-08 15:42:56 ----D---- C:\DANCE HITS vol.35 2009 (jandacik)
2010-02-07 16:01:10 ----D---- C:\Inna - Best of (2009)
2010-02-07 14:18:35 ----D---- C:\Avenger
2010-02-07 14:18:35 ----A---- C:\avenger.txt
2010-02-06 13:17:21 ----D---- C:\Program Files\Ask.com
2010-02-06 13:16:56 ----D---- C:\Program Files\Common Files\eBay
2010-02-06 13:16:55 ----D---- C:\Program Files\VDOWNLOADER
2010-02-06 11:44:07 ----D---- C:\32788R22FWJFW
2010-02-06 11:40:30 ----SD---- C:\ComboFix
2010-02-05 16:32:17 ----SHD---- C:\RECYCLER
2010-02-05 15:53:48 ----A---- C:\ComboFix.txt
2010-02-04 18:59:08 ----A---- C:\Boot.bak
2010-02-04 18:59:03 ----RASHD---- C:\cmdcons
2010-02-04 18:58:12 ----A---- C:\WINDOWS\MBR.exe
2010-02-04 18:58:11 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-04 18:58:08 ----A---- C:\WINDOWS\zip.exe
2010-02-04 18:58:08 ----A---- C:\WINDOWS\SWREG.exe
2010-02-04 18:58:08 ----A---- C:\WINDOWS\PEV.exe
2010-02-04 18:58:07 ----A---- C:\WINDOWS\sed.exe
2010-02-04 18:58:07 ----A---- C:\WINDOWS\grep.exe
2010-02-04 18:58:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-04 18:58:06 ----A---- C:\WINDOWS\SWSC.exe
2010-02-04 18:52:48 ----D---- C:\Qoobox
2010-02-03 23:21:54 ----D---- C:\Season 1
2010-02-03 12:15:59 ----D---- C:\Program Files\ESET
2010-01-30 21:20:50 ----D---- C:\The Time Travelers Wife [2009] DVDRip XviD-iMBT

======List of files/folders modified in the last 1 months======

2010-02-10 13:41:57 ----D---- C:\WINDOWS\temp
2010-02-10 13:41:53 ----D---- C:\Program Files\trend micro
2010-02-10 13:41:33 ----D---- C:\Program Files\Mozilla Firefox
2010-02-10 13:40:23 ----D---- C:\WINDOWS\Prefetch
2010-02-10 01:49:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 01:29:40 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-09 01:33:07 ----A---- C:\WINDOWS\wincmd.ini
2010-02-09 00:37:52 ----A---- C:\WINDOWS\winamp.ini
2010-02-09 00:35:31 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-02-08 19:39:12 ----D---- C:\WINDOWS
2010-02-07 23:23:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-07 23:23:00 ----A---- C:\WINDOWS\wdict32.INI
2010-02-07 14:18:35 ----D---- C:\WINDOWS\system32\drivers
2010-02-07 14:18:35 ----D---- C:\WINDOWS\system32
2010-02-06 21:51:32 ----SHD---- C:\WINDOWS\Installer
2010-02-06 21:51:28 ----SD---- C:\WINDOWS\Tasks
2010-02-06 21:51:25 ----D---- C:\Program Files\Google
2010-02-06 13:49:09 ----D---- C:\Program Files\AntikVirtualSTB
2010-02-06 13:17:21 ----RD---- C:\Program Files
2010-02-06 13:16:56 ----D---- C:\Program Files\Common Files
2010-02-05 15:52:41 ----A---- C:\WINDOWS\system.ini
2010-02-05 15:52:20 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-05 15:51:28 ----D---- C:\WINDOWS\AppPatch
2010-02-04 19:02:30 ----D---- C:\WINDOWS\ERDNT
2010-02-04 19:01:53 ----D---- C:\Program Files\ICQ6.5
2010-02-04 18:59:09 ----RASH---- C:\boot.ini
2010-02-03 17:22:23 ----A---- C:\WINDOWS\wtran32.INI
2010-02-03 12:16:24 ----HD---- C:\WINDOWS\inf
2010-02-02 17:24:48 ----D---- C:\WINDOWS\system32\Restore
2010-01-18 12:47:34 ----D---- C:\Documents and Settings\MILAN\Application Data\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-06-27 1315776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-30 2880000]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-02-26 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-13 4879360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-10-20 9856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-04 105856]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2008-01-24 1090304]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 catchme;catchme; \??\C:\DOCUME~1\MILAN\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-11-09 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-04-30 536576]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ehttpsrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-21 182768]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

urobila som to. To je vsetko?
ak ano dakujem velmi velmi pekne za pomoc pri tomto "zdlhavom procese"

a za tvoju ochotu.

VIRY.CZ

Trojsky kon RUSTOCK

Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK

Re: Trojsky kon RUSTOCK