[ Posts: 32 ] pages 1, 2

User | Registered: 15.08.06 | Last online: 28.04.08 | Posts: 339 | Topics: 44

An acquaintance of mine managed to catch this malware and I can't get rid of it. Isn't there some tool for it?


_________________
CPU: Core 2 Duo E6750 | Memory: 1 x 2048 MB Apacer 800Mhz DDR2 | Sound: Realtek (some onboard chip) | Board: Asus P5KC | VGA: Asus EN6800 256MB | HDD: Samsung SpinPoint T166 HD501LJ | PSU: Fortron FSP-400-60GLN | DVD-RW: Samsung | Keyboard+mouse: Logitech MX3100 wireless desktop set | LCD: HP Pavilion w2207v | Case: Thermaltake KANDALF black VA9000BWS window
User | Registered: 28.01.07 | Last online: 02.12.07 | Posts: 1706 | Topics: 25

There is => http://www.viry.cz/forum/viewtopic.php?t=16475


User | Registered: 12.04.07 | Last online: 06.05.08 | Posts: 9 | Topics: 2

Hi.
I have the same problem as spipo. I have already carried out that procedure, but on the CLEAN command it says I don't have sufficient permissions and should contact the administrator (even though I'm logged in on the administrator account). After cleaning the registry and switching back to normal mode, the problem is exactly the same as before :( I tried to remove the infection with avast! and Ad-Aware, and both programs removed it, but the problem persists... windows keep popping up, the notebook freezes and I'm losing my nerve :((((


Rbot, help me!


User | Registered: 28.01.07 | Last online: 02.12.07 | Posts: 1706 | Topics: 25

Post a HijackThis log => http://www.viry.cz/forum/viewtopic.php?t=16765


User | Registered: 12.04.07 | Last online: 06.05.08 | Posts: 9 | Topics: 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:28, on 25.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Java\jre1.5.0\bin\jusched.exe
E:\WINDOWS\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
E:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
E:\Program Files\ASUS\ASUS Live Update\ALU.exe
E:\WINDOWS\ATK0100\HControl.exe
E:\Program Files\Wireless Console 2\wcourier.exe
E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\WINDOWS\System32\ASUSTPE.exe
E:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
E:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
E:\WINDOWS\ATK0100\ATKOSD.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\totalcmd\TOTALCMD.EXE
E:\Program Files\Windows Media Player\wmplayer.exe
E:\WINDOWS\system32\SNDVOL32.EXE
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\system32\HPBPRO.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - E:\WINDOWS\system32\ahyxiyjn.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SMSERIAL] E:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] E:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Live Update] E:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] E:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Control Center] E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [StatusClient] E:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] E:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\gwyuohio.dll",b
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [admxsxsb] rundll32.exe "E:\Program Files\admxsxsb\sfatyxuz.dll",Init
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ASUSTPE] E:\WINDOWS\System32\ASUSTPE.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43776271-D134-4364-AEF3-082D42D83690}: NameServer = 213.151.236.74,213.151.236.66
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7391 bytes


User | Registered: 28.01.07 | Last online: 02.12.07 | Posts: 1706 | Topics: 25

Use Avenger => http://www.viry.cz/forum/viewtopic.php?t=19832

Code:
Files to delete:
E:\WINDOWS\system32\ahyxiyjn.dll


Use this => http://www.viry.cz/forum/viewtopic.php?t=16634


User | Registered: 12.04.07 | Last online: 06.05.08 | Posts: 9 | Topics: 2

I got through that procedure successfully; it stopped the infection, but after the removal Ad-Aware still found malware in the registry, which it removed, and on the next full scan it didn't show up any more.

One thing still bothers me though: since the virus was removed my notebook is noticeably slower and the TASKBAR freezes on me, windows don't want to switch and often won't even close, even though CPU load is minimal... could this be caused by that virus, or how can I get this back to its original state?


User | Registered: 12.04.07 | Last online: 06.05.08 | Posts: 9 | Topics: 2

After a day's absence it's back again :shit: How can I remove it permanently? Here's the log once more:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:06, on 27.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\wvrllmho.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Java\jre1.5.0\bin\jusched.exe
E:\WINDOWS\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\ASUS\ASUS Live Update\ALU.exe
E:\WINDOWS\ATK0100\HControl.exe
E:\Program Files\Wireless Console 2\wcourier.exe
E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\ASUSTPE.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\WINDOWS\ATK0100\ATKOSD.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
E:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Palo GRIGA\Plocha\winbox.exe
E:\Program Files\SecCenter\scprot4.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - E:\WINDOWS\system32\bslvwxrz.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SMSERIAL] E:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] E:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Live Update] E:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] E:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Control Center] E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [StatusClient] E:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] E:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [admxsxsb] rundll32.exe "E:\Program Files\admxsxsb\sfatyxuz.dll",Init
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\oscrbirg.dll",b
O4 - HKLM\..\Run: [SC2] E:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ASUSTPE] E:\WINDOWS\System32\ASUSTPE.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43776271-D134-4364-AEF3-082D42D83690}: NameServer = 213.151.236.74,213.151.236.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF479E99-317A-4906-BAA3-6C3282BEE87B}: NameServer = 213.151.236.74,213.151.236.66
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - E:\WINDOWS\system32\wvrllmho.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7761 bytes
:jaw: :jaw: :jaw: :jaw: :jaw: :jaw: :shit:
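The two logs above differ in a way that is the signature of this family: the same toolbar CLSID and the same `000000af` Run value point at a different 8-letter DLL two days later, and two new autostarts appear (a `DomainService` service on `wvrllmho.exe` and an `SC2` Run entry for `SecCenter\scprot4.exe`). The following Python script is an added example by the editor, not part of the thread and not HijackThis's own logic: it parses the O3/O4/O23 lines, flags entries that fit the pattern, and diffs two scans. The heuristics (7 to 8 lowercase letters with no digits, a hex-looking Run value name, `rundll32` calling a DLL by a one-letter export, a service with no vendor name) are the editor's and mark entries for review, not for deletion; the log excerpts are constructed from the two logs posted above.

```python
"""Triage of HijackThis logs: flag autostart entries that fit the Vundo/Zlob
pattern and diff two scans to see what the infection re-dropped.
Editor's added example; the heuristics are the editor's, not HijackThis's."""
import re

RANDOM_STEM = re.compile(r"^[a-z]{7,8}$")   # crude: 7-8 lowercase letters, no digits
HEX_VALUE = re.compile(r"^[0-9a-f]{8}$")    # Run value names such as [000000af]
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:exe|dll)\b", re.I)

# Constructed excerpts of the two logs posted above (25.11. and 27.11.2007).
LOG_1 = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - E:\WINDOWS\system32\ahyxiyjn.dll
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\gwyuohio.dll",b
O4 - HKLM\..\Run: [admxsxsb] rundll32.exe "E:\Program Files\admxsxsb\sfatyxuz.dll",Init
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
"""
LOG_2 = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - E:\WINDOWS\system32\bslvwxrz.dll
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [admxsxsb] rundll32.exe "E:\Program Files\admxsxsb\sfatyxuz.dll",Init
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\oscrbirg.dll",b
O4 - HKLM\..\Run: [SC2] E:\Program Files\SecCenter\scprot4.exe
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: DomainService - - E:\WINDOWS\system32\wvrllmho.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
"""


def _first(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else text


def parse(log):
    """Turn O3/O4/O23 lines into dicts keyed by toolbar CLSID, Run value name or service name."""
    entries = []
    for line in log.splitlines():
        m = re.match(r"^(O\d+) - (.*)$", line)
        if not m:
            continue
        kind, body = m.groups()
        path = PATH_RE.search(body)
        if kind == "O4":
            key = _first(r"\[([^\]]+)\]", body)          # [value name]
        elif kind == "O3":
            key = _first(r"(\{[0-9A-Fa-f-]+\})", body)    # toolbar CLSID
        elif kind == "O23":
            key = _first(r"Service: (.*?) - ", body)     # service name
        else:
            key = body
        entries.append({"kind": kind, "key": key,
                        "path": path.group(0) if path else "", "raw": line})
    return entries


def suspicious(entry):
    """Reasons an entry fits the Vundo/Zlob/rogue-AV pattern; empty list = nothing odd."""
    reasons = []
    stems = [part.rsplit(".", 1)[0] for part in entry["path"].split("\\")[1:]]
    if any(RANDOM_STEM.match(s) for s in stems):
        reasons.append("random 7-8 letter file or folder name")
    if entry["kind"] == "O4" and HEX_VALUE.match(entry["key"]):
        reasons.append("hex-looking Run value name")
    if re.search(r'rundll32\.exe\s+"[^"]+\.dll",[A-Za-z]$', entry["raw"], re.I):
        reasons.append("rundll32 loading a DLL by a one-letter export")
    if entry["kind"] == "O23" and re.search(r" - (?:Unknown owner - |- )[A-Za-z]:\\", entry["raw"]):
        reasons.append("service with no vendor name")
    return reasons


def diff(old, new):
    """Same key, different path = the component was re-dropped under a new random name."""
    o = {(e["kind"], e["key"]): e["path"] for e in old}
    n = {(e["kind"], e["key"]): e["path"] for e in new}
    return {
        "added": sorted(k[1] for k in n.keys() - o.keys()),
        "removed": sorted(k[1] for k in o.keys() - n.keys()),
        "renamed": {k[1]: (o[k], n[k]) for k in o.keys() & n.keys() if o[k] != n[k]},
    }


if __name__ == "__main__":
    old, new = parse(LOG_1), parse(LOG_2)
    for e in new:
        for why in suspicious(e):
            print(f"{e['kind']} [{e['key']}] {e['path']}: {why}")
    print(diff(old, new))
```

On these excerpts the diff reports the two renamed DLLs (the O3 toolbar and the `000000af` Run entry) and the two new autostarts (`DomainService`, `SC2`); `scprot4.exe` is not caught by any name heuristic and only shows up because it was not there two days earlier, which is why comparing scans matters more than any single rule. An unknown-owner hit is a prompt to verify the binary, not a verdict: `ASWLSVC` is flagged only because HijackThis could not read a vendor, and the same log lists ASUS WLAN Card Utilities, the first thing to check it against.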


Experienced user | Registered: 22.03.07 | Last online: 14.06.14 | Posts: 2108 | Topics: 15 | Location: Bratislava V
how to remove the "bestseller antivirus" malware?

Did the previous procedure with VundoFix run without problems? Post a log from ComboFix and mwav (drive E: is enough; update it before the scan).


User | Registered: 12.04.07 | Last online: 06.05.08 | Posts: 9 | Topics: 2

First I want to thank everyone who is taking the time to help me get rid of this infection.

Before I ran mwav I scanned the disk again with Ad-Aware and VundoFix. Then I let it check the disk, which took a good while... and here is the log without the invalid objects; you can see the infection is spreading on my machine :(

File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
Object "spyware.imfmonitor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
"E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
"E:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebabya.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebyvst.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\avenger\backup.zip/avenger/ahyxiyjn.dll tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\Program Files\admxsxsb\sfatyxuz.dll infected by "Trojan-Downloader.Win32.Zlob.enu" Virus! Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Mumbojumbo Games - Luxor 2 + Crack\luxor2.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\Luxor_3.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\MumboJumbo Luxor 2 2.00.rar/keygen.exe infected by "Trojan.Win32.Dialer.qn" Virus! Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\SmitfraudFix.exe//data.rar/SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\catchme2007-11-29_180757.15.zip/ssqrr.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.ayv". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\bbblggca.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\cufndnmt.dll.vir tagged as "not-a-virus:AdWare.Win32.SuperJuan.h". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\gqngskpq.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\hnjdmydb.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\ikhnrqyq.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\jdmbtapq.dll.vir tagged as "not-a-virus:AdWare.Win32.SuperJuan.h". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\jomivubu.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\jwapaqkk.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\mdmchkdy.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\nldgqpyh.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\svgglmtk.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tnrtmwuk\tnrtmwuk2.exe.vir tagged as "not-a-virus:FraudTool.Win32.UltimateDefender.v". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tnrtmwuk\tnrtmwuk3.exe.vir//PE_Patch.UPX//UPX tagged as "not-a-virus:Downloader.Win32.UltimateFix.d". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tpcwdoia\tpcwdoia2.exe.vir tagged as "not-a-virus:FraudTool.Win32.UltimateDefender.v". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tpcwdoia\tpcwdoia3.exe.vir//PE_Patch.UPX//UPX tagged as "not-a-virus:Downloader.Win32.UltimateFix.d". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tvwidbsn.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\uopdyjre.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\wvrllmho.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0043943.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0043996.sys tagged as "not-a-virus:FraudTool.Win32.BestSeller.a". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0043997.sys tagged as "not-a-virus:FraudTool.Win32.BestSeller.a". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0044008.dll tagged as "not-a-virus:FraudTool.Win32.BestSeller.a". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0048266.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0049314.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP93\A0050399.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP94\A0050456.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050518.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050519.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050520.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050521.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050522.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050523.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050524.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050526.exe tagged as "not-a-virus:FraudTool.Win32.UltimateDefender.v". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050527.exe//PE_Patch.UPX//UPX tagged as "not-a-virus:Downloader.Win32.UltimateFix.d". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050529.exe tagged as "not-a-virus:FraudTool.Win32.UltimateDefender.v". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050530.exe//PE_Patch.UPX//UPX tagged as "not-a-virus:Downloader.Win32.UltimateFix.d". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050533.dll tagged as "not-a-virus:AdWare.Win32.SuperJuan.h". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050536.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050537.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050538.dll tagged as "not-a-virus:AdWare.Win32.SuperJuan.h". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050540.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050541.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050552.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.ayv". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP96\A0050752.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP96\A0050835.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\VundoFix Backups\bslvwxrz.dll.bad tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\VundoFix Backups\hygukoti.dll.bad tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\VundoFix Backups\wxahohyp.dll.bad tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebabya.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebyvst.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File F:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP74\A0037883.EXE//WISE0003.BIN infected by "Virus.Win9x.CIH.dam" Virus! Action Taken: No Action Taken.
File F:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP74\A0037885.EXE tagged as "not-a-virus:PSWTool.Win32.PWDump.b". No Action Taken.
File F:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP74\A0037946.exe tagged as "not-a-virus:PSWTool.Win32.AirCrack.a". No Action Taken.


Experienced user | Registered: 22.03.07 | Last online: 14.06.14 | Posts: 2108 | Topics: 15 | Location: Bratislava V
how to remove the "bestseller antivirus" malware?

I'm running out of ideas, so at least try:
- turn off System Restore
- delete E:\avenger, E:\qoobox, E:\VundoFix Backups and the suspicious files from BitLord
- in Avenger:
Code:
files to delete:
E:\WINDOWS\system32\qomkllk.dll
E:\WINDOWS\system32\gebabya.dll
E:\WINDOWS\system32\gebyvst.dll
E:\WINDOWS\system32\oscrbirg.dll
folders to delete:
E:\Program Files\admxsxsb

- try SDFix
Try creating a new administrator account and running SmitfraudFix from it.
Can't that bestseller AV be uninstalled? Sometimes it is possible.
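The three steps above follow from where the mwav hits sit: most of the report is copies already neutralised by the cleaning tools (`E:\qoobox`, `E:\avenger`, `E:\VundoFix Backups`) and snapshots in `System Volume Information\_restore...`, which only disabling System Restore will flush; the handful of files still under `system32` and `Program Files\admxsxsb` are the live infection that the Avenger script targets. The following Python script is an added example by the editor, not part of the thread: it classifies each detection line by location and emits an Avenger script (the same `Files to delete:` / `Folders to delete:` syntax used above) for the live hits only. The sample report is a constructed subset of the mwav output posted above, and the 7-to-8-lowercase-letter folder heuristic is the editor's.

```python
"""Triage of an antivirus scan report (mwav-style lines) by where each hit
lives, then an Avenger 'Files to delete:' script for the live ones only.
Editor's added example, not from the thread; the classification rules are the editor's."""
import re
from collections import Counter

# Constructed subset of the mwav report posted above (paths copied from it).
SCAN_LOG = r"""
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebabya.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
File E:\avenger\backup.zip/avenger/ahyxiyjn.dll tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\Program Files\admxsxsb\sfatyxuz.dll infected by "Trojan-Downloader.Win32.Zlob.enu" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\wvrllmho.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0043996.sys tagged as "not-a-virus:FraudTool.Win32.BestSeller.a". Action Taken: No Action Taken.
File E:\VundoFix Backups\bslvwxrz.dll.bad tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\MumboJumbo Luxor 2 2.00.rar/keygen.exe infected by "Trojan.Win32.Dialer.qn" Virus! Action Taken: No Action Taken.
"""

DETECTION = re.compile(r'^File (?P<path>.+?) (?:tagged as|infected by) "(?P<name>[^"]+)"')
TOOL_BACKUPS = ("\\qoobox\\", "\\avenger\\", "\\vundofix backups\\")  # ComboFix, Avenger, VundoFix
RESTORE_POINTS = "\\system volume information\\_restore"
RANDOM_DIR = re.compile(r"^[a-z]{7,8}$")   # crude Vundo/Zlob-style folder-name heuristic


def classify(path):
    """Where a detection sits decides what removes it."""
    low = path.lower()
    if any(t in low for t in TOOL_BACKUPS):
        return "tool backup"        # inert copies kept by the cleaning tools; delete the folders
    if RESTORE_POINTS in low:
        return "restore point"      # only disabling System Restore flushes these
    if "/" in path or "\\downloads\\" in low:
        return "download/archive"   # inert until run; remove by hand
    return "live"                   # on the running system; this is the active infection


def parse_scan(text):
    out = []
    for line in text.splitlines():
        m = DETECTION.match(line)
        if m:   # 'Object ... found in File System!' lines carry no path and are skipped
            out.append({"path": m["path"], "name": m["name"], "where": classify(m["path"])})
    return out


def summary(records):
    return dict(Counter(r["where"] for r in records))


def avenger_script(records):
    """Avenger script (same syntax as the one posted above) for live hits only."""
    live = [r["path"] for r in records if r["where"] == "live"]
    files = sorted(set(live))
    # delete the parent folder too when it has a random-looking name (e.g. admxsxsb)
    folders = sorted({p.rsplit("\\", 1)[0] for p in live
                      if RANDOM_DIR.match(p.rsplit("\\", 1)[0].rsplit("\\", 1)[-1])})
    lines = ["Files to delete:"] + files
    if folders:
        lines += ["", "Folders to delete:"] + folders
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse_scan(SCAN_LOG)
    print(summary(recs))
    print(avenger_script(recs))
```

On this subset the script yields the same live list the helper wrote by hand (`qomkllk.dll`, `gebabya.dll`, folder `admxsxsb`); `oscrbirg.dll` is missing only because it came from the HijackThis log, not the mwav report, so the two sources have to be merged before the script is final. Avenger deletes at the next boot with SYSTEM rights and no confirmation, so review every path it is given; the folder heuristic in particular is meant to propose, not decide.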


User | Registered: 12.04.07 | Last online: 06.05.08 | Posts: 9 | Topics: 2

After trying all the solutions above, this time I managed to get the virus off my PC, so thanks to br4no and Rbot. I hope it's gone for good.


User | Registered: 08.06.08 | Last online: 14.06.08 | Posts: 9 | Topics: 0

Rbot wrote:
Hi, can you help me remove "something" from my Windows? "Windows antivirus - malware" etc. keeps coming up. At the bottom those 2 icons, an exclamation mark and a cross. After connecting to the internet. System Restore isn't enough. After connecting it's there within 5 minutes and then it stays. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:50, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {6F5D40A0-61D2-C26B-B1AE-0B9F23F7872E} - C:\WINDOWS\system32\httnkizr.dll (file missing)
O2 - BHO: Explorer Object - {6F6E22C2-DAB8-A296-A82A-72369A54A423} - C:\WINDOWS\system\cudact32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Administrator\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvgul.dll,startup
O4 - HKLM\..\Run: [fqjarezu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fqjarezu.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKLM\..\Policies\Explorer\Run: [H14f0KeSVc] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.10.200.238/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 195.146.132.58 195.146.128.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll
O20 - Winlogon Notify: wintss32 - wintss32.dll (file missing)
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Common Files\winctl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.macky.sutaz-infovek.sk/Obrazky/m12.JPG
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - http://sk1.superhry.cz/c2.php?image=2329-140.jpg

--
End of file - 9187 bytes
:cry: Thank you, perlino :cry: :cry:


Offline

User

Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

Fix in HijackThis:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6F5D40A0-61D2-C26B-B1AE-0B9F23F7872E} - C:\WINDOWS\system32\httnkizr.dll (file missing)
O2 - BHO: Explorer Object - {6F6E22C2-DAB8-A296-A82A-72369A54A423} - C:\WINDOWS\system\cudact32.dll (file missing)
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Administrator\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O8 - Extra context menu item: &Search - ?p=ZJ
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O20 - Winlogon Notify: wintss32 - wintss32.dll (file missing)
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Common Files\winctl.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [H14f0KeSVc] C:\WINDOWS\system32\winver.exe



Then run ComboFix with this script, following the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Code:
Killall::

File::
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\SYSTEM32\wintfj32.dll
C:\WINDOWS\system32\drvgul.dll
C:\Documents and Settings\All Users\Application Data\fqjarezu.dll

Folder::
C:\Program Files\Microsoft Security Adviser


Then post a new HJT log here plus the ComboFix log that pops up after the scan.


_________________
PC: CPU: Intel i7 5820k @ 4.2 Ghz Cooler: NZXT Kraken x41 MB: ASUS X99-A GPU: ASUS Stryx 970 GTX 4GB RAM: 32 GB Kingston 2133 DDR4 SSD: Kingston Hyperx 240 GB HDD1: Seagate Barracuda 7200.14 3TB HDD2: Seagate Barracuda 7200 1TB PSU: Corsair RM 850 Case: NZXT Phantom 410 white LCD: DELL P2416D @ 75Hz AUDIO: Yamaha RN500 Repro: DALI Zensor 5 Phone: Galaxy S8+
NB: Lenovo Y500
Offline

User

Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0 | 0

yaJohny wrote:
Fix in HijackThis:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6F5D40A0-61D2-C26B-B1AE-0B9F23F7872E} - C:\WINDOWS\system32\httnkizr.dll (file missing)
O2 - BHO: Explorer Object - {6F6E22C2-DAB8-A296-A82A-72369A54A423} - C:\WINDOWS\system\cudact32.dll (file missing)
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Administrator\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O8 - Extra context menu item: &Search - ?p=ZJ
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O20 - Winlogon Notify: wintss32 - wintss32.dll (file missing)
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Common Files\winctl.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [H14f0KeSVc] C:\WINDOWS\system32\winver.exe



Then run ComboFix with this script, following the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Code:
Killall::

File::
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\SYSTEM32\wintfj32.dll
C:\WINDOWS\system32\drvgul.dll
C:\Documents and Settings\All Users\Application Data\fqjarezu.dll

Folder::
C:\Program Files\Microsoft Security Adviser


Then post a new HJT log here plus the ComboFix log that pops up after the scan.


Hi, thanks for the advice, the "pest" isn't poking its horns out any more, but the PC has stayed somewhat slower. Before, I "jumped" from window to window in an instant, but now it thinks for a long time. Isn't it because of the several cleaners I installed while I was "exterminating" it?


Offline

User

Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

Post those logs for me... a new one from HijackThis and then the one you have saved at C:\combofix.txt


Offline

User

Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0 | 0

yaJohny wrote:
Post those logs for me... a new one from HijackThis and then the one you have saved at C:\combofix.txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:01, on 9.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R3 - URLSearchHook: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup
O4 - HKLM\..\Run: [fqjarezu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fqjarezu.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.10.200.238/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C103AB-7CB3-440C-9568-EF258656C1BC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7C27B3-4DF6-4A1C-824A-8560A802B5CC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2FFDEC-9E61-4F9D-824D-0C681E4CA00E}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.ansa.sk/sk/fotogaleria/aron/6.jpg
O24 - Desktop Component 1: (no name) - http://sk1.superhry.cz/c2.php?image=530-140.jpg
O24 - Desktop Component 2: (no name) - http://www.macky.sutaz-infovek.sk/Obrazky/m12.JPG
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 4: (no name) - http://sk1.superhry.cz/c2.php?image=2329-140.jpg

--
End of file - 10122 bytes


Offline

User

Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

Please also post the ComboFix log, which is saved at C:\combofix.txt
// Did you definitely do everything exactly according to my instructions? :)


Offline

User

Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

First run ComboFix with this script, following the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Code:
File::
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\system32\drvceb.dll
C:\Documents and Settings\All Users\Application Data\fqjarezu.dll

Folder::
C:\Program Files\Microsoft Security Adviser



Then post a new HJT log here plus the ComboFix log that pops up after the scan.
Then we'll carry on.. you have a lot there :) so give it a bit of time, so we can get rid of it..


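Added example, not code from this thread or from HijackThis or ComboFix: a small Python triage script that applies the same reading yaJohny used on the two logs above. It flags orphaned load points ("file missing" / "no file"), Run entries routed through Policies\Explorer\Run, rundll32 or regsvr32 /u, a system binary name such as svchost.exe running from a directory other than System32, Winlogon Notify DLLs for manual review, and O17 NameServer entries that differ from the resolvers the machine is expected to use. The expected-resolver set (the 195.146.x.x addresses from the first log), the short list of system binaries and the rules themselves are assumptions made for this demo; the sample log lines are constructed from the logs posted in this thread.

```python
"""Triage a HijackThis log the way the helpers in this thread read it.

Added example, not code from the thread or from HijackThis/ComboFix.
"""
import re

# Assumption for the demo: the ISP resolvers seen in the first log posted
# above are the ones this machine is expected to use.
EXPECTED_DNS = {"195.146.132.58", "195.146.128.60"}

# Assumption: a short list of Windows binaries that live only in System32;
# a copy of one of these elsewhere is a classic masquerading trick.
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Explorer Object - {6F6E22C2-DAB8-A296-A82A-72369A54A423} - C:\WINDOWS\system\cudact32.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvgul.dll,startup
O4 - HKLM\..\Run: [fqjarezu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fqjarezu.dll"
O4 - HKLM\..\Policies\Explorer\Run: [H14f0KeSVc] C:\WINDOWS\system32\winver.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 195.146.132.58 195.146.128.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Common Files\winctl.dll (file missing)
"""


def check_entry(line):
    """Return the list of reasons one HijackThis line deserves attention."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    lower = body.lower()
    findings = []

    # A load point whose target is gone: leftover from removed malware or a
    # component that re-creates its file; either way it should not stay.
    if "(file missing)" in lower or "(no file)" in lower:
        findings.append("orphaned load point (target file missing)")

    if kind == "O4":
        # Policies\Explorer\Run is almost never populated by legitimate installers.
        if r"\policies\explorer\run" in lower:
            findings.append("autorun via Policies\\Explorer\\Run")
        # Indirect loaders: a DLL export started at logon, or a DLL "unregistered"
        # at every boot (regsvr32 /u still loads the DLL and runs its code).
        if re.search(r"\brundll32(?:\.exe)?\s+\S+,", lower):
            findings.append("rundll32 starting a DLL export at logon")
        if re.search(r"\bregsvr32\s+/u\b", lower):
            findings.append("regsvr32 /u in a Run key")
        # A system binary name running from a directory other than System32.
        target = re.search(r'\]\s*"?([^"]+?\.exe)', body, re.IGNORECASE)
        if target:
            path = target.group(1)
            name = path.rsplit("\\", 1)[-1].lower()
            parent = path.rsplit("\\", 1)[0].lower() if "\\" in path else ""
            if name in SYSTEM_BINARIES and not parent.endswith("\\system32"):
                findings.append(f"{name} outside System32: {path}")

    if kind == "O17":
        # Compare the configured resolvers against the expected baseline.
        servers = set(re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", body))
        rogue = sorted(servers - EXPECTED_DNS)
        if rogue:
            findings.append("unexpected DNS resolver(s): " + ", ".join(rogue))

    if kind == "O20" and "winlogon notify" in lower:
        # Loaded into winlogon for every session; always worth a manual look.
        findings.append("Winlogon Notify DLL, review manually")

    return findings


def triage(log_text):
    """Return [(line, findings)] for every flagged line, in log order."""
    results = []
    for raw in log_text.splitlines():
        findings = check_entry(raw)
        if findings:
            results.append((raw.strip(), findings))
    return results


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```

In the second log above the NameServer entries changed from the ISP addresses to 85.255.116.141 and 85.255.112.90 on every interface and in the global Tcpip\Parameters key; that is exactly the change the O17 rule surfaces, and a baseline of known-good resolvers is the simplest way to catch a DNS hijack that none of the file-based rules would notice.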
Offline

User

Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0 | 0

yaJohny wrote:
First run ComboFix with this script, following the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Code:
File::
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\system32\drvceb.dll
C:\Documents and Settings\All Users\Application Data\fqjarezu.dll

Folder::
C:\Program Files\Microsoft Security Adviser



Then post a new HJT log here plus the ComboFix log that pops up after the scan.
Then we'll carry on.. you have a lot there :) so give it a bit of time, so we can get rid of it..


ComboFix 08-06-08.8 - Administrator 2008-06-09 22:19:15.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.47 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mssadv.dll
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\kdlce.exe
C:\WINDOWS\system32\winowl32.dll
C:\WINDOWS\system32\winzzc32.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-08 15:26 . 2008-06-08 15:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 14:52 . 2008-06-08 14:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-06-08 14:35 . 2008-06-08 14:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 00:34 . 2008-06-08 00:34 <DIR> d-------- C:\Program Files\Pet Shop Hop
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Turbo Subs
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Secrets of Great Art
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Real Estate Empire
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Puzzle Mania
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Out Of Your Mind
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Chicken Chase
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Go Go Gourmet
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Go-Go Gourmet
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Fashion Boutique
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Cooking Academy
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Coffee Rush
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Burger Shop
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Buildalot
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\bfgclient
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Beauty Factory
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-06 15:37 . 2008-06-06 15:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-06 15:29 . 2008-06-06 15:29 <DIR> d-------- C:\SDFix
2008-06-05 19:53 . 2008-06-08 00:34 <DIR> d-------- C:\Documents and Settings\Administrator\.SunDownloadManager
2008-05-27 16:55 . 2008-05-27 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Total Eclipse
2008-05-22 16:40 . 2008-05-22 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-05-22 16:39 . 2008-05-26 09:17 <DIR> d-------- C:\Program Files\Fashion Solitaire
2008-05-21 18:53 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Pizza Chef

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 17:10 --------- d-----w C:\Program Files\Google
2008-06-07 22:33 --------- d-----w C:\Program Files\Chicken Chase
2008-06-07 22:31 --------- d-----w C:\Program Files\Games
2008-06-02 08:19 --------- d-----w C:\Program Files\Winamp
2008-05-31 11:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Image Zone Express
2008-05-29 12:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-26 11:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PlayFirst
2008-05-25 11:31 --------- d-----w C:\Program Files\Java
2008-05-08 15:17 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-04-24 17:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-18 21:23 --------- d-----w C:\Program Files\Believe in Sandy - Holiday Story
2008-04-12 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-12 12:11 0 ----a-w C:\Program Files\temp01
2008-04-07 12:50 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-20 18:19 26,112 ----a-w C:\WINDOWS\system32\winyta32.dll
2008-03-20 18:19 26,112 ----a-w C:\WINDOWS\system32\winnqk32.dll
2008-02-14 03:37 21,920 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e41e543-e069-4197-8608-e8b4c2f75747}]
2008-04-03 06:22 1470488 --a------ C:\Program Files\wellgames\tbwel0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8E41E543-E069-4197-8608-E8B4C2F75747}"= "C:\Program Files\wellgames\tbwel0.dll" [2008-04-03 06:22 1470488]

[HKEY_CLASSES_ROOT\clsid\{8e41e543-e069-4197-8608-e8b4c2f75747}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8E41E543-E069-4197-8608-E8B4C2F75747}"= C:\Program Files\wellgames\tbwel0.dll [2008-04-03 06:22 1470488]

[HKEY_CLASSES_ROOT\clsid\{8e41e543-e069-4197-8608-e8b4c2f75747}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
"CnxDslTaskBar"="C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" [2004-06-16 07:55 233472]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-04 23:20 282624]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-17 14:42 185632]
"MSDisp32"="C:\WINDOWS\system32\drvceb.dll" [ ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-07 14:50 949376]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-08 15:20 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 13:18:00 245760]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WlanUtil.exe [2006-10-04 21:49:47 413696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\ingmodel\\LibRunner.exe"=

R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 07:51]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 07:51]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 07:51]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-08 15:20]
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 11:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 22:25:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
**************************************************************************
.
Completion time: 2008-06-09 22:34:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 20:34:28

Pre-Run: 6,764,261,376 bytes free
Post-Run: 6,776,328,192 bytes free

184


Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

Run ComboFix again with this script

Code:
File::
C:\WINDOWS\system32\winyta32.dll
C:\WINDOWS\system32\winnqk32.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDisp32"=-


then post its log here + a current HijackThis log
//sorry it's so late, I overslept :D


_________________
PC: CPU: Intel i7 5820k @ 4.2 Ghz Cooler: NZXT Kraken x41 MB: ASUS X99-A GPU: ASUS Stryx 970 GTX 4GB RAM: 32 GB Kingston 2133 DDR4 SSD: Kingston Hyperx 240 GB HDD1: Seagate Barracuda 7200.14 3TB HDD2: Seagate Barracuda 7200 1TB PSU: Corsair RM 850 Case: NZXT Phantom 410 white LCD: DELL P2416D @ 75Hz AUDIO: Yamaha RN500 Repro: DALI Zensor 5 Phone: Galaxy S8+
NB: Lenovo Y500
Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0 | 0

yaJohny wrote:
Run ComboFix again with this script

Code:
File::
C:\WINDOWS\system32\winyta32.dll
C:\WINDOWS\system32\winnqk32.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDisp32"=-


then post its log here + a current HijackThis log
//sorry it's so late, I overslept :D


I don't know, yesterday I somehow couldn't get onto this site, I already thought the PC was "dying", but today it works. ComboFix ran OK for me the first time, but after that it somehow misbehaves: it won't run to the end, it freezes, etc. It doesn't even produce the report it produced the first time, do you know why? It's also a bit of a problem that I know German quite well, I lived there, but no English at all, so with a lot of things I just guess that's how they might be... when I install something. So it's pretty hopeless :cheer:


Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

post a new HijackThis log and we'll try it with different software, not ComboFix :)


Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0 | 0

I had to restart again, that's why it took so long.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05, on 2008-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.10.200.238/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C103AB-7CB3-440C-9568-EF258656C1BC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7C27B3-4DF6-4A1C-824A-8560A802B5CC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2FFDEC-9E61-4F9D-824D-0C681E4CA00E}: NameServer = 85.255.116.141,85.255.112.90
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.ansa.sk/sk/fotogaleria/aron/6.jpg
O24 - Desktop Component 1: (no name) - http://sk1.superhry.cz/c2.php?image=530-140.jpg
O24 - Desktop Component 2: (no name) - http://www.macky.sutaz-infovek.sk/Obrazky/m12.JPG
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 4: (no name) - http://sk1.superhry.cz/c2.php?image=2329-140.jpg

--
End of file - 8663 bytes


Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

download Avenger: http://swandog46.geekstogo.com/avenger.exe
follow the Avenger guide http://www.pcforum.sk/cistime-napadnuty ... 27265.html and paste this into it:

Code:
Files to delete:
C:\WINDOWS\system32\drvceb.dll
C:\WINDOWS\system32\winyta32.dll
C:\WINDOWS\system32\winnqk32.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run | MSDisp32


the computer may restart, then post a new HijackThis log

and fix this in HijackThis:
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)


Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0 | 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13, on 2008-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.10.200.238/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C103AB-7CB3-440C-9568-EF258656C1BC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7C27B3-4DF6-4A1C-824A-8560A802B5CC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2FFDEC-9E61-4F9D-824D-0C681E4CA00E}: NameServer = 85.255.116.141,85.255.112.90
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.ansa.sk/sk/fotogaleria/aron/6.jpg
O24 - Desktop Component 1: (no name) - http://sk1.superhry.cz/c2.php?image=530-140.jpg
O24 - Desktop Component 2: (no name) - http://www.macky.sutaz-infovek.sk/Obrazky/m12.JPG
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 4: (no name) - http://sk1.superhry.cz/c2.php?image=2329-140.jpg

--
End of file - 8723 bytes


Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

also post the contents of the file c:\avenger.txt, otherwise OK :water:

also fix this in HJT:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C103AB-7CB3-440C-9568-EF258656C1BC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7C27B3-4DF6-4A1C-824A-8560A802B5CC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2FFDEC-9E61-4F9D-824D-0C681E4CA00E}: NameServer = 85.255.116.141,85.255.112.90


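As an added example (not the thread's own tooling, and not part of HijackThis), a small Python triage script over constructed HijackThis-format lines modelled on the logs in this thread. It flags the three item classes the helper asked to fix in the two posts above: O17 NameServer entries outside a DNS allow-list, O20 Winlogon Notify entries whose DLL is missing, and O4 Run entries that launch a DLL through rundll32. The allow-list value 192.168.1.1 and the all-zero interface GUID are assumptions.

```python
"""Triage of HijackThis v2.0.2 log lines.

Added example (not the thread's own tooling): flags the item classes the
helper in this thread asked to fix, so a reader can see why those lines
stood out in an otherwise ordinary log.
"""
import re
from typing import Dict, Iterable, List, NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section, e.g. "O17"
    reason: str    # why the line was flagged
    line: str      # the original log line


# Patterns follow the HijackThis line layout "Oxx - <description>".
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+\.dll)", re.IGNORECASE)


def parse_nameservers(value: str) -> List[str]:
    """Split an O17 NameServer value.

    HijackThis normally prints the servers comma-separated, but the thread's
    log also shows a space-separated variant ("85.255.116.141 85.255.112.90"),
    so both separators are accepted.
    """
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def triage(lines: Iterable[str], allowed_dns: Iterable[str]) -> List[Finding]:
    """Return one Finding per suspicious line, in log order."""
    allowed = set(allowed_dns)
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")

        # O17: per-interface DNS servers. Every interface pointing at the same
        # servers outside the allow-list is the DNS-hijack pattern in the log.
        m = O17_RE.match(line)
        if m:
            foreign = [s for s in parse_nameservers(m["servers"]) if s not in allowed]
            if foreign:
                findings.append(Finding("O17", "DNS servers outside allow-list: " + ", ".join(foreign), line))
            continue

        # O20: Winlogon Notify DLLs load into winlogon.exe at logon. An entry
        # whose DLL no longer exists is a leftover autostart worth removing.
        m = O20_RE.match(line)
        if m:
            if m["missing"]:
                findings.append(Finding("O20", "Winlogon Notify '%s' points at a missing DLL" % m["name"], line))
            continue

        # O4: Run keys. A DLL launched through rundll32.exe from system32 is
        # how the MSDisp32 entry in the thread started its payload.
        m = O4_RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m["cmd"])
            if r:
                findings.append(Finding("O4", "Run entry '%s' loads a DLL via rundll32: %s"
                                        % (m["name"], r["dll"].strip()), line))
            continue
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


# Constructed sample in HijackThis format, modelled on the thread's logs.
# The 192.168.1.1 allow-list entry and the all-zero interface GUID are assumptions.
ALLOWED_DNS = {"192.168.1.1"}
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r'O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup',
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90',
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 85.255.116.141 85.255.112.90',
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1',
    r'O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll',
    r'O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, ALLOWED_DNS):
        print("[%s] %s\n    %s" % (f.section, f.reason, f.line))
    print(summarize(triage(SAMPLE_LOG, ALLOWED_DNS)))
```

Feed it a real log with `triage(open("hijackthis.log").read().splitlines(), {your ISP or router DNS})`; the sample gives one O4, two O17 and one O20 finding, while the ordinary nod32kui, SUPERAntiSpyware and 192.168.1.1 lines pass.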
Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0 | 0

Shouldn't I remove all those cleaners or analyzers? I have ComboFix, Avenger and SUPERAntiSpyware here, I downloaded all of it while killing the pest. Anyway, thank you. Miro


Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno

also post the output from c:\avenger.txt, and you can delete Avenger and ComboFix along with their file backups in C:\qoobox etc.


Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0 | 0

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drvceb.dll" not found!
Deletion of file "C:\WINDOWS\system32\drvceb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run|MSDisp32" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


How to remove the "bestseller antivirus" malware?






© 2005 - 2017 PCforum, edited by JanoF