How do I delete a file?

User
Registered: 20.01.08
Last login: 06.03.12
Posts: 133
Topics: 35
Location: BA
Posted: 15.06.2008 10:42

Hi, I have a problem.
1. After a reboot, automatic updates get turned off; even when I turn them on, they switch themselves off again at the next restart.
2. In the SoundMAX control panel, when I change the volume (actually in the classic Windows volume control too), it stutters badly and the HDD runs at full speed (I uninstalled and reinstalled the drivers and it didn't help).
Just now, when I clicked on the sound devices in the Control Panel, it told me that MMDRIVER.INF is missing (so I'm going to look for it and will let you know).

So I installed HijackThis,
made a log,
had it checked at hijackthis.de.
It found:
!1xX: sys32/geBqkcd.dll
2x?: sys32/knpturt.dll, wvumngyw.dll

So I click fix and expect it to be deleted... I restart and nothing, it's still there.

I start HijackThis and go to: Misc Tools section: Delete a file on reboot: I enter the files mentioned, and after the restart nothing... they are still there.

So you probably know what's bothering me... please advise.

BTW, what occurs to me:
1. Get to C: without Windows (like in DOS in the old days; maybe it also works via F8 safe mode... I don't know, I haven't tried it yet... and use something like erase C:.... there)
2. Install Ubuntu, for example, and delete it from there
3. Take the HDD out and delete it from another computer (but I don't have anything with a SATA bus at hand)
4. Write erase C:..... into autoexec or wherever (but I assume HijackThis works in a similar way)

So if you feel like it, please write what I should do with it, and if possible precisely, because I'm not familiar with those abbreviations and so on... thanks


Posted by topic author: 15.06.2008 10:47

By the way: searching doesn't work for me in Google or Yahoo, ... I don't get it, the page loads and when I search it just reloads.

So I also have trouble finding that mmdriver.inf file (since it isn't on the Windows CD, where according to the dialog that popped up it should be).

_________________
q6600, 9800gtx, maximus formula

Posted by deleted user: 15.06.2008 10:56

How about sharing the log with us too? :)

Posted by topic author: 15.06.2008 11:03

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:47, on 15.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - C:\WINDOWS\system32\geBqQKcD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {EBBB5850-9344-4F8B-B7C4-EAD422B5E597} - C:\WINDOWS\system32\wvUmNGyw.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM5fa83c9e] Rundll32.exe "C:\WINDOWS\system32\knptawrt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: geBqQKcD - C:\WINDOWS\SYSTEM32\geBqQKcD.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\wave\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6617 bytes

Posted by topic author: 15.06.2008 11:20

Now this is really too much, I can't even open some of the threads, e.g.: "Čistíme napadnutý počítač" (Cleaning an infected computer)

and where the ad at the top is, PORN shows up for me... normally, sometimes the blue headings load, sometimes nothing, and sometimes porn images

Posted by deleted user: 15.06.2008 11:23

Use VundoFix according to the guide: http://www.viry.cz/forum/viewtopic.php?t=16634
then post a new HijackThis log here

Posted by topic author: 15.06.2008 11:47

So I did it with both the first and the second program in safe mode (it found it in c//programfiles/powerISO/pwrisosh.dll)

It probably removed it, since it isn't there any more, but Google doesn't work and the porn is still displayed... the sound issue has remained too; only automatic update no longer acts up, it is normally set to ON...


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:20, on 15.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5E6A124D-D5F8-42FC-A916-C45BFE0F0690} - C:\WINDOWS\system32\wvUmNGyw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM5fa83c9e] Rundll32.exe "C:\WINDOWS\system32\knptawrt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\wave\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6386 bytes
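
Added example (not part of any post in this thread): a small Python comparison of the two HijackThis logs above, keyed on section and file path rather than on the whole line, so that a file which stays registered under a different CLSID is reported as surviving instead of as one removal plus one addition. BEFORE and AFTER are excerpts of lines copied from the 10:23 and 11:40 logs; the names parse_entries and compare are hypothetical.

```python
import ntpath
import re

# Excerpt of lines copied from the first HijackThis log in this thread (10:23:47)
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - C:\WINDOWS\system32\geBqQKcD.dll
O2 - BHO: (no name) - {EBBB5850-9344-4F8B-B7C4-EAD422B5E597} - C:\WINDOWS\system32\wvUmNGyw.dll
O4 - HKLM\..\Run: [BM5fa83c9e] Rundll32.exe "C:\WINDOWS\system32\knptawrt.dll",s
O20 - Winlogon Notify: geBqQKcD - C:\WINDOWS\SYSTEM32\geBqQKcD.dll
"""

# Excerpt of lines copied from the second log (11:40:20, after VundoFix)
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5E6A124D-D5F8-42FC-A916-C45BFE0F0690} - C:\WINDOWS\system32\wvUmNGyw.dll
O4 - HKLM\..\Run: [BM5fa83c9e] Rundll32.exe "C:\WINDOWS\system32\knptawrt.dll",s
"""

# "O2 - ...", "O20 - ...", "R1 - ..." entry lines; headers and the process list do not match
ENTRY_RE = re.compile(r'^([A-Z]\d{1,2}) - (.+)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]+?\.(?:dll|exe|cpl|sys)\b', re.IGNORECASE)


def parse_entries(log_text):
    """Map (section, lowercased file path or entry text) -> CLSID or None."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # log header, running-process list, blank line
        section, body = match.groups()
        path = PATH_RE.search(body)
        clsid = CLSID_RE.search(body)
        # Key on the file, not on the full line: the GUID can change
        # while the same file stays registered in the same section.
        key = (section, (path.group(0) if path else body).lower())
        entries[key] = clsid.group(0).upper() if clsid else None
    return entries


def compare(before_text, after_text):
    """Classify every entry of the earlier log against the later one."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    result = {"removed": [], "unchanged": [], "reregistered": [], "added": []}
    for key, clsid in before.items():
        label = (key[0], ntpath.basename(key[1]))
        if key not in after:
            result["removed"].append(label)
        elif after[key] != clsid:
            result["reregistered"].append(label)  # same file, new CLSID
        else:
            result["unchanged"].append(label)
    result["added"] = [(k[0], ntpath.basename(k[1])) for k in after if k not in before]
    return result


if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        print(status, items)
```

On these excerpts only the geBqQKcD.dll entries (O2 and O20) are gone after the first cleanup; wvUmNGyw.dll is still a BHO under a different CLSID and the knptawrt.dll Run entry is unchanged.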

Posted by deleted user: 15.06.2008 11:52

Run ComboFix with this script according to the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Code:
File::
C:\WINDOWS\system32\wvUmNGyw.dll
C:\WINDOWS\system32\knptawrt.dll


Post the ComboFix log here

Posted by topic author: 15.06.2008 11:54

Now, out of the blue, that gebqkcd.dll in system32 is shown as gebgkcd.dll.vir

so I deleted it, and a normal delete works...

Posted by topic author: 15.06.2008 11:55

I'm going to run ComboFix, but it will take longer, because this thread won't display on my PC... so I keep running over to my brother's

Posted by topic author: 15.06.2008 12:02

Is there supposed to be a double colon??? file::

Posted by deleted user: 15.06.2008 12:04

wave wrote:
Is there supposed to be a double colon??? file::


Yes, there is.

Posted by topic author: 15.06.2008 12:07

OK, now I'm waiting those 10 minutes...

Posted by topic author: 15.06.2008 12:14

ComboFix 08-06-12.2 - wave 2008-06-15 12:06:35.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2835 [GMT 2:00]
Running from: C:\Documents and Settings\wave\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\wave\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\knptawrt.dll
C:\WINDOWS\system32\wvUmNGyw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM5fa83c9e.xml
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cqonjobi.dll
C:\WINDOWS\system32\eflvfuam.ini
C:\WINDOWS\system32\ibojnoqc.ini
C:\WINDOWS\system32\knptawrt.dll
C:\WINDOWS\system32\wvUmNGyw.dll
C:\WINDOWS\system32\wyGNmUvw.ini
C:\WINDOWS\system32\wyGNmUvw.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-15 11:26 . 2008-06-15 11:29 <DIR> d-------- C:\VundoFix Backups
2008-06-15 11:01 . 2008-06-15 11:00 1,404 --a------ C:\WINDOWS\system32\MMDRIVER.inf
2008-06-15 02:34 . 2008-06-15 02:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 02:09 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-15 02:09 . 2008-06-15 02:09 <DIR> d-------- C:\Documents and Settings\wave\Application Data\vlc
2008-06-15 02:04 . 2008-06-15 02:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-15 01:58 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\Analog Devices(2)
2008-06-15 01:57 . 2008-06-15 02:09 <DIR> d-------- C:\WINDOWS\AsDmiHtm
2008-06-13 17:31 . 2008-06-13 17:42 <DIR> d-------- C:\Documents and Settings\wave\Graphisoft
2008-06-13 17:31 . 2008-06-13 17:42 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Graphisoft
2008-06-13 17:12 . 2008-06-13 17:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-06-13 17:12 . 2008-06-13 17:12 7,309 --a------ C:\WINDOWS\vpd.properties
2008-06-13 17:11 . 2008-06-13 17:11 <DIR> d-------- C:\Program Files\Graphisoft
2008-06-13 16:42 . 2008-06-13 16:43 <DIR> d-------- C:\Program Files\Revit Architecture 2009
2008-06-13 16:24 . 2007-01-10 14:00 244,736 --------- C:\WINDOWS\system32\drivers\c2scsi.sys
2008-06-13 16:21 . 2008-06-13 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-13 15:15 . 2008-06-13 15:15 <DIR> d-------- C:\Program Files\Bonjour
2008-06-13 15:04 . 2008-06-13 15:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-11 13:37 . 2008-06-13 19:21 <DIR> d-------- C:\Program Files\Opera
2008-06-11 13:01 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:01 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:33 . 2008-06-13 19:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 21:33 . 2008-06-15 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskShare
2008-06-10 21:31 . 2008-06-10 21:31 <DIR> d-------- C:\Documents and Settings\wave\Application Data\DivX
2008-06-09 15:31 . 2008-06-09 15:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 15:31 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-09 15:30 . 2008-06-09 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-09 15:08 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-09 15:06 . 2008-06-13 16:47 <DIR> d-------- C:\Program Files\DivX
2008-06-08 14:26 . 2008-06-08 14:26 <DIR> d-------- C:\WINDOWS\Sun
2008-06-08 11:26 . 2008-06-08 11:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-08 11:25 . 2008-06-08 11:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-08 11:24 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-08 11:02 . 2008-06-15 02:16 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-06-07 23:41 . 2008-06-13 22:54 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 23:41 . 2008-06-04 23:23 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-07 11:39 . 2008-06-07 17:11 <DIR> d-------- C:\Program Files\Java
2008-06-07 11:39 . 2008-06-07 11:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 11:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-06 14:41 . 2008-06-07 18:21 23 --a------ C:\WINDOWS\popcinfot.dat
2008-06-05 23:26 . 2008-06-05 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-05 23:21 . 2008-06-05 23:21 <DIR> d-------- C:\Program Files\OpenAL
2008-06-05 00:34 . 2008-06-05 00:34 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-05 00:34 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-05 00:34 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-05 00:34 . 2008-06-15 12:10 182,851 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-05 00:34 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-06-05 00:34 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-06-05 00:34 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-06-05 00:34 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-06-05 00:34 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-04 23:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-04 23:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-04 23:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-04 23:19 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-04 23:19 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-06-04 23:18 . 2008-06-09 15:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 23:18 . 2008-06-13 22:54 22,328 --------- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 23:18 . 2008-06-04 23:18 22,328 --a------ C:\Documents and Settings\wave\Application Data\PnkBstrK.sys
2008-06-04 23:18 . 2008-06-04 23:18 276 --a------ C:\WINDOWS\game.ini
2008-06-04 23:08 . 2008-06-04 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-04 20:17 . 2008-06-13 16:32 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Roxio
2008-06-04 20:17 . 2008-06-04 20:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-06-04 17:59 . 2008-06-04 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-04 17:58 . 2008-06-15 02:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Program Files\SmartSound Software
2008-06-04 17:56 . 2008-06-15 03:03 <DIR> d-------- C:\Program Files\Roxio
2008-06-04 17:56 . 2008-06-15 02:57 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-04 17:56 . 2008-06-15 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-04 17:54 . 2008-06-04 17:54 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-06-04 15:32 . 2008-06-04 15:32 <DIR> d-------- C:\Program Files\Xvid
2008-06-04 15:32 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-04 15:32 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-04 15:32 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-04 11:45 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-04 11:45 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-06-04 11:45 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-06-04 11:45 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-06-04 11:45 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-06-04 03:01 . 2008-06-04 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-04 03:01 . 2008-06-04 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-04 03:00 . 2008-06-04 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-02 19:56 . 2008-06-13 16:50 <DIR> d-------- C:\Program Files\TV JOJ Media Player
2008-06-01 21:46 . 2008-06-01 21:59 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-06-01 21:46 . 2008-06-13 17:43 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Autodesk
2008-06-01 21:46 . 2008-06-13 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-01 21:45 . 2008-06-15 02:16 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 21:45 . 2008-06-13 16:40 <DIR> d-------- C:\Program Files\Autodesk
2008-06-01 18:53 . 2008-06-01 18:53 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-01 18:44 . 2008-06-01 18:44 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Windows Desktop Search
2008-06-01 18:32 . 2008-06-01 18:32 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-06-01 17:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-01 17:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-01 17:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-01 17:38 . 2008-06-01 17:38 <DIR> d-------- C:\Program Files\Common Files\HP
2008-06-01 17:37 . 2008-06-01 17:37 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-01 17:37 . 2008-06-01 17:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-01 17:35 . 2005-03-08 06:43 51,120 --------- C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-01 17:35 . 2005-03-08 06:43 16,496 --------- C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-01 17:34 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-01 17:34 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-06-01 17:34 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-06-01 17:34 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-06-01 17:34 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-06-01 17:34 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-06-01 17:34 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-06-01 17:34 . 2005-03-08 06:43 21,744 --------- C:\WINDOWS\system32\drivers\HPZius12.sys
2008-06-01 17:34 . 2004-08-03 22:58 15,104 --------- C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-01 17:34 . 2004-08-03 22:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-01 17:27 . 2008-06-01 17:39 <DIR> d-------- C:\Program Files\HP
2008-06-01 17:27 . 2004-08-03 23:01 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-01 17:27 . 2004-08-03 23:01 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-01 17:25 . 2008-06-01 17:42 <DIR> d-------- C:\Documents and Settings\wave\Application Data\HP
2008-06-01 17:25 . 2008-06-01 17:44 112,902 --a------ C:\WINDOWS\hpoins07.dat
2008-06-01 17:25 . 2005-05-24 04:48 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-06-01 17:23 . 2008-06-01 17:23 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-01 17:22 . 2008-06-08 11:27 <DIR> d-------- C:\Program Files\MSBuild
2008-06-01 17:22 . 2008-06-01 17:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-01 17:20 . 2008-06-01 17:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-01 17:20 . 2008-06-01 17:20 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-01 17:20 . 2008-06-01 17:20 <DIR> dr-h----- C:\MSOCache
2008-06-01 17:20 . 2008-06-10 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-01 10:42 . 2008-06-01 10:42 <DIR> d-------- C:\Program Files\IrfanView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 15:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 20:46 6,554,496 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-26 20:45 219952]
"Infium"="C:\Program Files\QIP Infium\infium.exe" [2008-04-07 16:54 4139008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"BM5fa83c9e"="C:\WINDOWS\system32\knptawrt.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZyXEL G-302 v3 Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-302 v3 Utility.lnk
backup=C:\WINDOWS\pss\ZyXEL G-302 v3 Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-08-20 15:51 40960 C:\WINDOWS\VM_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\mslatest_updt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"WZCSVC"=2 (0x2)
"Webcam Corp. Service Starter"=3 (0x3)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\counter-strike\\hl.exe"=
"E:\\_gamesky\\BF2\\BF2.exe"=
"E:\\_gamesky\\BF2\\Bf2_w32ded.exe"=
"E:\\_gamesky\\hl2\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"E:\\_gamesky\\colinDirt\\DiRT.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\_gamesky\\grid\\GRID.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\half-life 2 deathmatch\\hl2.exe"=
"E:\\_gamesky\\cod4\\iw3mp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Windows Media Format SDK (webcam.exe)

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 14:00]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\wave\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 08:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-27 06:55]
S4 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\Webcam123\dogsvc.exe []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:23:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 12:11:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-15 12:13:39 - machine was rebooted [wave]
ComboFix-quarantined-files.txt 2008-06-15 10:13:22

Pre-Run: 84,585,877,504 bytes free
Post-Run: 84,538,785,792 bytes free

296 --- E O F --- 2008-06-12 08:26:18







_________________
q6600, 9800gtx, maximus formula
Posted by the topic author: 15.06.2008 12:17

Google works for me now, and everything else too; only the SoundMAX control panel didn't start... but sound works and the volume control no longer stutters... I'll try a restart and then the driver from the motherboard CD if the control panel doesn't come up...

It looks to be solved; if we ever happen to meet, I owe you a pile of beers. Thanks a looooot.







Deleted user
Posted: 15.06.2008 12:34

Also run ComboFix with this script:

Code:
File::
C:\WINDOWS\popcinfot.dat

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM5fa83c9e"=-

Driver::
SessionLauncher


Posted by the topic author: 15.06.2008 13:01

Oh, I didn't notice the second page... I'm on it.


Posted by the topic author: 15.06.2008 13:19

ComboFix 08-06-12.2 - wave 2008-06-15 13:03:44.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2816 [GMT 2:00]
Running from: C:\Documents and Settings\wave\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\wave\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\popcinfot.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\PWRISOSH.DLL.bad
C:\WINDOWS\popcinfot.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SESSIONLAUNCHER
-------\Service_SessionLauncher


((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-15 12:59 . 2008-06-15 12:59 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-06-15 11:01 . 2008-06-15 11:00 1,404 --a------ C:\WINDOWS\system32\MMDRIVER.inf
2008-06-15 02:34 . 2008-06-15 02:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 02:09 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-15 02:09 . 2008-06-15 02:09 <DIR> d-------- C:\Documents and Settings\wave\Application Data\vlc
2008-06-15 02:04 . 2008-06-15 02:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-15 01:58 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\Analog Devices(2)
2008-06-15 01:57 . 2008-06-15 02:09 <DIR> d-------- C:\WINDOWS\AsDmiHtm
2008-06-13 17:31 . 2008-06-13 17:42 <DIR> d-------- C:\Documents and Settings\wave\Graphisoft
2008-06-13 17:31 . 2008-06-13 17:42 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Graphisoft
2008-06-13 17:12 . 2008-06-13 17:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-06-13 17:12 . 2008-06-13 17:12 7,309 --a------ C:\WINDOWS\vpd.properties
2008-06-13 17:11 . 2008-06-13 17:11 <DIR> d-------- C:\Program Files\Graphisoft
2008-06-13 16:42 . 2008-06-13 16:43 <DIR> d-------- C:\Program Files\Revit Architecture 2009
2008-06-13 16:24 . 2007-01-10 14:00 244,736 --------- C:\WINDOWS\system32\drivers\c2scsi.sys
2008-06-13 16:21 . 2008-06-13 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-13 15:15 . 2008-06-13 15:15 <DIR> d-------- C:\Program Files\Bonjour
2008-06-13 15:04 . 2008-06-13 15:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-11 13:37 . 2008-06-13 19:21 <DIR> d-------- C:\Program Files\Opera
2008-06-11 13:01 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:01 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:33 . 2008-06-13 19:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 21:33 . 2008-06-15 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskShare
2008-06-10 21:31 . 2008-06-10 21:31 <DIR> d-------- C:\Documents and Settings\wave\Application Data\DivX
2008-06-09 15:31 . 2008-06-09 15:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 15:31 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-09 15:30 . 2008-06-09 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-09 15:08 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-09 15:06 . 2008-06-13 16:47 <DIR> d-------- C:\Program Files\DivX
2008-06-08 14:26 . 2008-06-08 14:26 <DIR> d-------- C:\WINDOWS\Sun
2008-06-08 11:26 . 2008-06-08 11:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-08 11:25 . 2008-06-08 11:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-08 11:24 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-08 11:02 . 2008-06-15 02:16 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-06-07 23:41 . 2008-06-15 13:00 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 23:41 . 2008-06-15 12:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-07 11:39 . 2008-06-07 17:11 <DIR> d-------- C:\Program Files\Java
2008-06-07 11:39 . 2008-06-07 11:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 11:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-05 23:26 . 2008-06-05 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-05 23:21 . 2008-06-05 23:21 <DIR> d-------- C:\Program Files\OpenAL
2008-06-05 00:34 . 2008-06-05 00:34 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-05 00:34 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-05 00:34 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-05 00:34 . 2008-06-15 13:12 182,851 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-05 00:34 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-06-05 00:34 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-06-05 00:34 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-06-05 00:34 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-06-05 00:34 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-04 23:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-04 23:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-04 23:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-04 23:19 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-04 23:19 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-06-04 23:18 . 2008-06-09 15:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 23:18 . 2008-06-15 13:00 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 23:18 . 2008-06-15 13:00 22,328 --a------ C:\Documents and Settings\wave\Application Data\PnkBstrK.sys
2008-06-04 23:18 . 2008-06-04 23:18 276 --a------ C:\WINDOWS\game.ini
2008-06-04 23:08 . 2008-06-04 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-04 20:17 . 2008-06-13 16:32 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Roxio
2008-06-04 20:17 . 2008-06-04 20:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-06-04 17:59 . 2008-06-04 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-04 17:58 . 2008-06-15 02:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Program Files\SmartSound Software
2008-06-04 17:56 . 2008-06-15 03:03 <DIR> d-------- C:\Program Files\Roxio
2008-06-04 17:56 . 2008-06-15 02:57 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-04 17:56 . 2008-06-15 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-04 17:54 . 2008-06-04 17:54 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-06-04 15:32 . 2008-06-04 15:32 <DIR> d-------- C:\Program Files\Xvid
2008-06-04 15:32 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-04 15:32 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-04 15:32 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-04 11:45 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-04 11:45 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-06-04 11:45 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-06-04 11:45 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-06-04 11:45 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-06-04 03:01 . 2008-06-04 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-04 03:01 . 2008-06-04 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-04 03:00 . 2008-06-04 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-02 19:56 . 2008-06-13 16:50 <DIR> d-------- C:\Program Files\TV JOJ Media Player
2008-06-01 21:46 . 2008-06-01 21:59 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-06-01 21:46 . 2008-06-13 17:43 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Autodesk
2008-06-01 21:46 . 2008-06-13 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-01 21:45 . 2008-06-15 02:16 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 21:45 . 2008-06-13 16:40 <DIR> d-------- C:\Program Files\Autodesk
2008-06-01 18:53 . 2008-06-01 18:53 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-01 18:44 . 2008-06-01 18:44 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Windows Desktop Search
2008-06-01 18:32 . 2008-06-01 18:32 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-06-01 17:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-01 17:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-01 17:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-01 17:38 . 2008-06-01 17:38 <DIR> d-------- C:\Program Files\Common Files\HP
2008-06-01 17:37 . 2008-06-01 17:37 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-01 17:37 . 2008-06-01 17:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-01 17:35 . 2005-03-08 06:43 51,120 --------- C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-01 17:35 . 2005-03-08 06:43 16,496 --------- C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-01 17:34 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-01 17:34 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-06-01 17:34 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-06-01 17:34 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-06-01 17:34 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-06-01 17:34 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-06-01 17:34 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-06-01 17:34 . 2005-03-08 06:43 21,744 --------- C:\WINDOWS\system32\drivers\HPZius12.sys
2008-06-01 17:34 . 2004-08-03 22:58 15,104 --------- C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-01 17:34 . 2004-08-03 22:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-01 17:27 . 2008-06-01 17:39 <DIR> d-------- C:\Program Files\HP
2008-06-01 17:27 . 2004-08-03 23:01 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-01 17:27 . 2004-08-03 23:01 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-01 17:25 . 2008-06-01 17:42 <DIR> d-------- C:\Documents and Settings\wave\Application Data\HP
2008-06-01 17:25 . 2008-06-01 17:44 112,902 --a------ C:\WINDOWS\hpoins07.dat
2008-06-01 17:25 . 2005-05-24 04:48 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-06-01 17:23 . 2008-06-01 17:23 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-01 17:22 . 2008-06-08 11:27 <DIR> d-------- C:\Program Files\MSBuild
2008-06-01 17:22 . 2008-06-01 17:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-01 17:20 . 2008-06-01 17:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-01 17:20 . 2008-06-01 17:20 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-01 17:20 . 2008-06-01 17:20 <DIR> dr-h----- C:\MSOCache
2008-06-01 17:20 . 2008-06-10 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-01 10:42 . 2008-06-01 10:42 <DIR> d-------- C:\Program Files\IrfanView
2008-06-01 10:42 . 2008-06-09 08:06 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 15:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 20:46 6,554,496 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_12.13.14.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 10:10:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 11:07:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 10:59:36 9,662 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2008-06-15 10:59:36 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-06-15 10:59:36 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-26 20:45 219952]
"Infium"="C:\Program Files\QIP Infium\infium.exe" [2008-04-07 16:54 4139008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZyXEL G-302 v3 Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-302 v3 Utility.lnk
backup=C:\WINDOWS\pss\ZyXEL G-302 v3 Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-08-20 15:51 40960 C:\WINDOWS\VM_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\mslatest_updt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"WZCSVC"=2 (0x2)
"Webcam Corp. Service Starter"=3 (0x3)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\counter-strike\\hl.exe"=
"E:\\_gamesky\\BF2\\BF2.exe"=
"E:\\_gamesky\\BF2\\Bf2_w32ded.exe"=
"E:\\_gamesky\\hl2\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"E:\\_gamesky\\colinDirt\\DiRT.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\_gamesky\\grid\\GRID.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\half-life 2 deathmatch\\hl2.exe"=
"E:\\_gamesky\\cod4\\iw3mp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"E:\\_gamesky\\crysis_wvn\\Bin32\\Crysis.exe"=
"E:\\_gamesky\\crysis_wvn\\Bin32\\CrysisDedicatedServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Windows Media Format SDK (webcam.exe)

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 14:00]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 08:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-27 06:55]
S4 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\Webcam123\dogsvc.exe []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:23:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 13:12:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-15 13:16:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 11:15:43
ComboFix2.txt 2008-06-15 10:13:40

Pre-Run: 84,361,220,096 bytes free
Post-Run: 84,356,780,032 bytes free

303 --- E O F --- 2008-06-12 08:26:18






