Posted: 25.11.2007 11:26

An acquaintance of mine managed to catch this malware and I can't get rid of it. Isn't there some tool for it?







Posted: 25.11.2007 14:01

There is => http://www.viry.cz/forum/viewtopic.php?t=16475


Posted: 25.11.2007 14:36

Hi.
I have the same problem as spipo. I have already carried out that procedure, but on the CLEAN command it says that I don't have sufficient permissions and should contact the administrator (even though I'm logged in on the administrator account). After cleaning the registry and switching back to normal mode, however, the problem is exactly the same as before :( I tried to remove the infection with avast! and Ad-Aware, and both programs removed it, but the problem still persists... windows keep popping up, the notebook freezes and I'm losing my nerves :((((


Rbot, help me!


Posted: 25.11.2007 15:19

Paste a log from HijackThis => http://www.viry.cz/forum/viewtopic.php?t=16765


Posted: 25.11.2007 20:44

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:28, on 25.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Java\jre1.5.0\bin\jusched.exe
E:\WINDOWS\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
E:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
E:\Program Files\ASUS\ASUS Live Update\ALU.exe
E:\WINDOWS\ATK0100\HControl.exe
E:\Program Files\Wireless Console 2\wcourier.exe
E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\WINDOWS\System32\ASUSTPE.exe
E:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
E:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
E:\WINDOWS\ATK0100\ATKOSD.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\totalcmd\TOTALCMD.EXE
E:\Program Files\Windows Media Player\wmplayer.exe
E:\WINDOWS\system32\SNDVOL32.EXE
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\system32\HPBPRO.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - E:\WINDOWS\system32\ahyxiyjn.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SMSERIAL] E:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] E:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Live Update] E:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] E:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Control Center] E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [StatusClient] E:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] E:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\gwyuohio.dll",b
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [admxsxsb] rundll32.exe "E:\Program Files\admxsxsb\sfatyxuz.dll",Init
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ASUSTPE] E:\WINDOWS\System32\ASUSTPE.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43776271-D134-4364-AEF3-082D42D83690}: NameServer = 213.151.236.74,213.151.236.66
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7391 bytes


Posted: 25.11.2007 22:28

Use Avenger => http://www.viry.cz/forum/viewtopic.php?t=19832

Code:
Files to delete:
E:\WINDOWS\system32\ahyxiyjn.dll


Use this => http://www.viry.cz/forum/viewtopic.php?t=16634


Posted: 27.11.2007 14:21

I got through this procedure successfully and it stopped the infection, but after the removal Ad-Aware still found malware in the registry, which it removed, and it didn't show up again in the next full scan.

One thing still bothers me, though: since the virus was removed my notebook is considerably slower and the TASKBAR freezes, windows won't switch and often won't even close, although CPU usage is minimal... could that be caused by the virus, or how can I get this back to its original state?


Posted: 27.11.2007 23:28

After a day's absence it's back again :shit: how can I remove it permanently? The log once more:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:06, on 27.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\wvrllmho.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Java\jre1.5.0\bin\jusched.exe
E:\WINDOWS\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\ASUS\ASUS Live Update\ALU.exe
E:\WINDOWS\ATK0100\HControl.exe
E:\Program Files\Wireless Console 2\wcourier.exe
E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\ASUSTPE.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\WINDOWS\ATK0100\ATKOSD.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
E:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Palo GRIGA\Plocha\winbox.exe
E:\Program Files\SecCenter\scprot4.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - E:\WINDOWS\system32\bslvwxrz.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SMSERIAL] E:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] E:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] E:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Live Update] E:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] E:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Control Center] E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [StatusClient] E:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] E:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [admxsxsb] rundll32.exe "E:\Program Files\admxsxsb\sfatyxuz.dll",Init
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\oscrbirg.dll",b
O4 - HKLM\..\Run: [SC2] E:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ASUSTPE] E:\WINDOWS\System32\ASUSTPE.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43776271-D134-4364-AEF3-082D42D83690}: NameServer = 213.151.236.74,213.151.236.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF479E99-317A-4906-BAA3-6C3282BEE87B}: NameServer = 213.151.236.74,213.151.236.66
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - E:\WINDOWS\system32\wvrllmho.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7761 bytes
:jaw: :jaw: :jaw: :jaw: :jaw: :jaw: :shit:


Subject: how to remove the "bestseller antivirus" malware?

Posted: 28.11.2007 11:26

Did the previous procedure with VundoFix go through without problems? Send a log from ComboFix and mwav (E: is enough; update it before the scan).


Posted: 02.12.2007 19:28

First of all I want to thank everyone who takes the time to help me get rid of this infection.

Before I ran mwav I scanned the disk again with Ad-Aware and VundoFix. Then I let it check the disk, which took quite a while... and here is the log without the invalid objects, and you can see that the infection is spreading on my machine :(

File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
Object "spyware.imfmonitor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
"E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
"E:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebabya.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebyvst.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\avenger\backup.zip/avenger/ahyxiyjn.dll tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\Program Files\admxsxsb\sfatyxuz.dll infected by "Trojan-Downloader.Win32.Zlob.enu" Virus! Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Mumbojumbo Games - Luxor 2 + Crack\luxor2.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\Luxor_3.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\MumboJumbo Luxor 2 2.00.rar/keygen.exe infected by "Trojan.Win32.Dialer.qn" Virus! Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
File E:\Program Files\BitLord\Downloads\Real Arcade - Luxor 3 (Fully Cracked) (fscarberry20)\SmitfraudFix.exe//data.rar/SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\catchme2007-11-29_180757.15.zip/ssqrr.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.ayv". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\bbblggca.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\cufndnmt.dll.vir tagged as "not-a-virus:AdWare.Win32.SuperJuan.h". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\gqngskpq.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\hnjdmydb.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\ikhnrqyq.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\jdmbtapq.dll.vir tagged as "not-a-virus:AdWare.Win32.SuperJuan.h". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\jomivubu.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\jwapaqkk.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\mdmchkdy.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\nldgqpyh.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\svgglmtk.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tnrtmwuk\tnrtmwuk2.exe.vir tagged as "not-a-virus:FraudTool.Win32.UltimateDefender.v". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tnrtmwuk\tnrtmwuk3.exe.vir//PE_Patch.UPX//UPX tagged as "not-a-virus:Downloader.Win32.UltimateFix.d". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tpcwdoia\tpcwdoia2.exe.vir tagged as "not-a-virus:FraudTool.Win32.UltimateDefender.v". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tpcwdoia\tpcwdoia3.exe.vir//PE_Patch.UPX//UPX tagged as "not-a-virus:Downloader.Win32.UltimateFix.d". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\tvwidbsn.dll.vir tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\uopdyjre.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\qoobox\Quarantine\E\WINDOWS\system32\wvrllmho.exe.vir infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0043943.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0043996.sys tagged as "not-a-virus:FraudTool.Win32.BestSeller.a". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0043997.sys tagged as "not-a-virus:FraudTool.Win32.BestSeller.a". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0044008.dll tagged as "not-a-virus:FraudTool.Win32.BestSeller.a". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0048266.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP92\A0049314.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP93\A0050399.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP94\A0050456.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050518.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050519.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050520.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050521.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050522.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050523.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050524.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050526.exe tagged as "not-a-virus:FraudTool.Win32.UltimateDefender.v". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050527.exe//PE_Patch.UPX//UPX tagged as "not-a-virus:Downloader.Win32.UltimateFix.d". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050529.exe tagged as "not-a-virus:FraudTool.Win32.UltimateDefender.v". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050530.exe//PE_Patch.UPX//UPX tagged as "not-a-virus:Downloader.Win32.UltimateFix.d". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050533.dll tagged as "not-a-virus:AdWare.Win32.SuperJuan.h". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050536.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050537.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050538.dll tagged as "not-a-virus:AdWare.Win32.SuperJuan.h". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050540.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050541.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.aps". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP95\A0050552.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.ayv". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP96\A0050752.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP96\A0050835.exe infected by "Trojan.Win32.Obfuscated.kp" Virus! Action Taken: No Action Taken.
File E:\VundoFix Backups\bslvwxrz.dll.bad tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\VundoFix Backups\hygukoti.dll.bad tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\VundoFix Backups\wxahohyp.dll.bad tagged as "not-a-virus:AdWare.Win32.SecToolBar.k". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebabya.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\gebyvst.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File E:\WINDOWS\system32\qomkllk.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.azg". Action Taken: No Action Taken.
File F:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP74\A0037883.EXE//WISE0003.BIN infected by "Virus.Win9x.CIH.dam" Virus! Action Taken: No Action Taken.
File F:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP74\A0037885.EXE tagged as "not-a-virus:PSWTool.Win32.PWDump.b". No Action Taken.
File F:\System Volume Information\_restore{F61C79EE-2071-4D72-B018-B1C6F54C39E9}\RP74\A0037946.exe tagged as "not-a-virus:PSWTool.Win32.AirCrack.a". No Action Taken.


Posted: 03.12.2007 14:44

I'm running out of solutions, so at least try:
- turn off System Restore
- delete E:\avenger, E:\qoobox, E:\VundoFix Backups and the suspicious files from BitLord
- in Avenger:
Code:
files to delete:
E:\WINDOWS\system32\qomkllk.dll
E:\WINDOWS\system32\gebabya.dll
E:\WINDOWS\system32\gebyvst.dll
E:\WINDOWS\system32\oscrbirg.dll
folders to delete:
E:\Program Files\admxsxsb

- try SDFix
Try creating a new administrator account and running SmitfraudFix from it.
Can't that bestseller AV be uninstalled? Sometimes that is possible.
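The helpers in this thread triage the posted HijackThis logs by hand (random-named DLLs loaded through rundll32.exe or a browser toolbar, a service with no vendor string) and turn the result into an Avenger "Files to delete:" script. The script below automates that triage and is an added example, not a tool from this thread, from Trend Micro or from Avenger's author; it assumes the O3/O4/O23 line format seen in the posted logs, the sample lines are constructed from them, and the random-name heuristic is my own and still needs a human reviewer, as the thread itself shows.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: HijackThis O3/O4/O23 lines of the kind posted in this thread
# (file names are taken from the posted logs; this is not a real scan).
SAMPLE_LOG = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - E:\WINDOWS\system32\ahyxiyjn.dll
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\gwyuohio.dll",b
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [admxsxsb] rundll32.exe "E:\Program Files\admxsxsb\sfatyxuz.dll",Init
O23 - Service: DomainService - - E:\WINDOWS\system32\wvrllmho.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
"""

# Vundo/Zlob-era components get a freshly generated 7-8 lowercase-letter file
# name on each reinfection (ahyxiyjn -> bslvwxrz -> oscrbirg in the thread),
# so the name itself carries no meaning; the loading context does.
RANDOM_STEM = re.compile(r"^[a-z]{7,8}$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)', re.IGNORECASE)
RUN_ENTRY = re.compile(r"HK.*?\\Run\w*: \[([^\]]+)\] (\S+)")
SERVICE = re.compile(r"Service: (.*?) -\s*(.*?)\s*- ([A-Za-z]:\\.*)$")
REVIEW_ONLY = "service owner unknown: verify the vendor before acting"


@dataclass
class Finding:
    section: str        # O3 / O4 / O23
    path: str           # component the entry loads
    reasons: list[str]

    @property
    def actionable(self) -> bool:
        # an "Unknown owner" service on its own is a question for a human, not a deletion
        return any(r != REVIEW_ONLY for r in self.reasons)


def file_stem(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(name: str) -> bool:
    return RANDOM_STEM.match(name) is not None


def analyse_line(line: str) -> Finding | None:
    """Return a Finding for a suspicious HijackThis line, or None."""
    m = re.match(r"^(O3|O4|O23) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.groups()
    paths = WIN_PATH.findall(body)
    if not paths:
        return None
    path = paths[-1]                     # the last path is what gets executed/loaded
    stem, reasons = file_stem(path), []
    in_system32 = "\\system32\\" in path.lower()
    if section == "O3" and in_system32 and looks_random(stem):
        reasons.append("browser toolbar backed by a random-named DLL in system32")
    elif section == "O4" and (run := RUN_ENTRY.match(body)):
        value_name, loader = run.groups()
        if loader.lower() == "rundll32.exe" and looks_random(stem):
            reasons.append("Run value starts rundll32.exe on a random-named DLL")
        if re.fullmatch(r"[0-9a-f]{8}", value_name):
            reasons.append(f"hex-looking Run value name [{value_name}]")
    elif section == "O23" and (svc := SERVICE.match(body)):
        owner = svc.group(2)
        if owner == "" and looks_random(stem):
            reasons.append("service with an empty vendor string runs a random-named exe")
        elif owner.lower() == "unknown owner":
            reasons.append(REVIEW_ONLY)
    return Finding(section, path, reasons) if reasons else None


def analyse_log(text: str) -> list[Finding]:
    return [f for f in map(analyse_line, text.splitlines()) if f]


def avenger_script(findings: list[Finding]) -> str:
    """Render actionable findings in the 'Files to delete:' / 'Folders to delete:'
    format the helpers fed to Avenger. Review-only findings are left out."""
    files, folders = [], []
    for f in findings:
        if not f.actionable:
            continue
        files.append(f.path)
        folder = f.path.rsplit("\\", 1)[0]
        # a random-named directory under Program Files (admxsxsb) exists only for the dropper
        if "\\program files\\" in folder.lower() and looks_random(file_stem(folder)):
            folders.append(folder)
    lines = ["Files to delete:", *files]
    if folders:
        lines += ["", "Folders to delete:", *folders]
    return "\n".join(lines)


if __name__ == "__main__":
    found = analyse_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:>3} {f.path}: {'; '.join(f.reasons)}")
    print()
    print(avenger_script(found))
```

Re-running the same parser over a log taken after the next reboot shows the renamed components (the thread's bslvwxrz.dll and oscrbirg.dll), which is the persistence signal that separates a reinstalling infection from a leftover entry.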


Posted: 06.12.2007 21:20

After trying all the solutions listed above, this time I managed to uninstall the virus from my PC, so thanks to br4no and Rbot. I hope it's gone for good.


Príspevok NapísalOffline : 08.06.2008 10:25

Rbot wrote:
Hi, can you help me remove "something" from my Windows? "windows antivirus - malaware" etc. keeps coming up, with those 2 icons at the bottom, an exclamation mark and a cross, after I connect to the internet. A restore is not enough. After connecting it is there within 5 min and then it stays. Here is the log: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:50, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {6F5D40A0-61D2-C26B-B1AE-0B9F23F7872E} - C:\WINDOWS\system32\httnkizr.dll (file missing)
O2 - BHO: Explorer Object - {6F6E22C2-DAB8-A296-A82A-72369A54A423} - C:\WINDOWS\system\cudact32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Administrator\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvgul.dll,startup
O4 - HKLM\..\Run: [fqjarezu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fqjarezu.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKLM\..\Policies\Explorer\Run: [H14f0KeSVc] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.10.200.238/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 195.146.132.58 195.146.128.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll
O20 - Winlogon Notify: wintss32 - wintss32.dll (file missing)
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Common Files\winctl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.macky.sutaz-infovek.sk/Obrazky/m12.JPG
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - http://sk1.superhry.cz/c2.php?image=2329-140.jpg

--
End of file - 9187 bytes :cry: Thank you, perlino :cry: :cry:


Deleted user, posted 08.06.2008 10:44

fix in HijackThis:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6F5D40A0-61D2-C26B-B1AE-0B9F23F7872E} - C:\WINDOWS\system32\httnkizr.dll (file missing)
O2 - BHO: Explorer Object - {6F6E22C2-DAB8-A296-A82A-72369A54A423} - C:\WINDOWS\system\cudact32.dll (file missing)
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Administrator\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O8 - Extra context menu item: &Search - ?p=ZJ
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O20 - Winlogon Notify: wintss32 - wintss32.dll (file missing)
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Common Files\winctl.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [H14f0KeSVc] C:\WINDOWS\system32\winver.exe



then run ComboFix with this script according to the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Code:
Killall::

File::
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\SYSTEM32\wintfj32.dll
C:\WINDOWS\system32\drvgul.dll
C:\Documents and Settings\All Users\Application Data\fqjarezu.dll

Folder::
C:\Program Files\Microsoft Security Adviser


then post a new log from HJT here, plus the ComboFix log that pops up after the scan


User, posted 09.06.2008 20:52

yaJohny wrote: (quoting the HijackThis fix list and ComboFix script from the post above)


Hi, thanks for the advice, the "pest" is no longer showing its horns, but the PC has stayed somewhat slower. Before, I "jumped" from window to window in an instant, but now it takes a long time to think. Isn't that because of the several cleaners I installed while I was "exterminating" it?


Deleted user, posted 09.06.2008 20:54

post those logs for me... a new one from HijackThis and then the one you have saved at C:\combofix.txt


User, posted 09.06.2008 22:05

yaJohny wrote:
post those logs for me... a new one from HijackThis and then the one you have saved at C:\combofix.txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:01, on 9.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R3 - URLSearchHook: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup
O4 - HKLM\..\Run: [fqjarezu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fqjarezu.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.10.200.238/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C103AB-7CB3-440C-9568-EF258656C1BC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7C27B3-4DF6-4A1C-824A-8560A802B5CC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2FFDEC-9E61-4F9D-824D-0C681E4CA00E}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.ansa.sk/sk/fotogaleria/aron/6.jpg
O24 - Desktop Component 1: (no name) - http://sk1.superhry.cz/c2.php?image=530-140.jpg
O24 - Desktop Component 2: (no name) - http://www.macky.sutaz-infovek.sk/Obrazky/m12.JPG
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 4: (no name) - http://sk1.superhry.cz/c2.php?image=2329-140.jpg

--
End of file - 10122 bytes
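
The two replies from yaJohny above do the same triage by hand: entries marked "(file missing)" or "(no file)" are orphaned registrations and get fixed in HijackThis itself, while files that still exist go into a ComboFix File:: list. Comparing this log with the one from 6 June also shows something the thread does not comment on: the O17 NameServer values changed from the ISP resolvers 195.146.132.58 / 195.146.128.60 to 85.255.116.141 / 85.255.112.90, and 85.255.112.0/20 is a range publicly documented as DNSChanger rogue resolvers. The Python script below is an added example, not part of this thread nor of HijackThis or ComboFix; it automates that first pass over two logs. The directory heuristics, the Policies\Explorer\Run rule and the single rogue-DNS range are the example's own assumptions, and the sample input is constructed from lines copied out of the two logs above.

```python
"""Triage pass over HijackThis logs: orphaned entries, autoruns in odd places and
resolver (O17) changes between two scans. Added example, not part of HijackThis
or ComboFix; the heuristics and the rogue-DNS range are the author's assumptions."""
import ipaddress
import re

# Assumption: directories that legitimate autorun binaries almost never live in.
SUSPICIOUS_DIRS = {
    "\\local settings\\temp\\": "runs from a Temp directory",
    "\\all users\\application data\\": "runs from All Users\\Application Data",
    "\\system32\\drivers\\": "executable dropped into system32\\drivers",
}
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Assumption: 85.255.112.0/20 is publicly documented as DNSChanger rogue resolvers.
ROGUE_DNS = [ipaddress.ip_network("85.255.112.0/20")]
LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
O17_RE = re.compile(r"NameServer\s*=\s*([\d.,\s]+)$")

# Constructed sample input: lines copied from the 6 June and 9 June logs in the thread.
LOG_JUNE_6 = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Explorer Object - {6F6E22C2-DAB8-A296-A82A-72369A54A423} - C:\WINDOWS\system\cudact32.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Administrator\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [fqjarezu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fqjarezu.dll"
O4 - HKLM\..\Policies\Explorer\Run: [H14f0KeSVc] C:\WINDOWS\system32\winver.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 195.146.132.58 195.146.128.60
O20 - Winlogon Notify: wintss32 - wintss32.dll (file missing)
"""
LOG_JUNE_9 = r"""
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
"""

def parse(log):
    """Split a log into {kind, rest, raw} records; process lists and headers are skipped."""
    out = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append({"kind": m.group(1), "rest": m.group(2), "raw": raw.strip()})
    return out

def orphaned(entries):
    """Registrations whose target no longer exists: these are 'fixed' in HJT itself."""
    return [e["raw"] for e in entries if any(mk in e["rest"] for mk in ORPHAN_MARKERS)]

def suspicious_autoruns(entries):
    """O4 autoruns in unusual locations; the paths are ComboFix File:: candidates."""
    hits = []
    for e in entries:
        m = PATH_RE.search(e["rest"]) if e["kind"] == "O4" else None
        if not m:  # bare names like SOUNDMAN.EXE carry no directory to judge
            continue
        path = m.group(0)
        reasons = [why for frag, why in SUSPICIOUS_DIRS.items() if frag in path.lower()]
        if "policies\\explorer\\run" in e["rest"].lower():
            reasons.append("registered under Policies\\Explorer\\Run")
        if reasons:
            hits.append({"path": path, "reasons": reasons})
    return hits

def nameservers(entries):
    """All O17 NameServer addresses (space- or comma-separated)."""
    found = set()
    for e in entries:
        m = O17_RE.search(e["rest"]) if e["kind"] == "O17" else None
        if m:
            found.update(s for s in re.split(r"[,\s]+", m.group(1)) if s)
    return found

def dns_changes(baseline, current):
    """Resolvers present now but absent from the earlier log."""
    return sorted(nameservers(current) - nameservers(baseline))

def rogue_resolvers(servers):
    """Resolvers that fall inside a listed rogue range (unparsable strings are ignored)."""
    hits = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue
        if any(ip in net for net in ROGUE_DNS):
            hits.append(s)
    return sorted(hits)

if __name__ == "__main__":
    old, new = parse(LOG_JUNE_6), parse(LOG_JUNE_9)
    print("fix in HJT:", *orphaned(new), sep="\n  ")
    print("ComboFix File:: candidates:", *(h["path"] for h in suspicious_autoruns(new)), sep="\n  ")
    print("new resolvers:", dns_changes(old, new), "rogue:", rogue_resolvers(nameservers(new)))
```

The path rule is deliberately narrow: drvceb.dll sits in system32 and passes it, which is why the replies still read the whole log and why the output is a list of candidates rather than a deletion script. The resolver diff is the check to run first, because resolvers the user never configured can steer every later download, the cleanup tools included.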


Deleted user, posted 09.06.2008 22:13

I'd also like the ComboFix log, which is saved at C:\combofix.txt
//did you really do everything exactly according to my guide? :)


Deleted user, posted 09.06.2008 22:35

first run ComboFix with this script according to the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Code:
File::
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\system32\drvceb.dll
C:\Documents and Settings\All Users\Application Data\fqjarezu.dll

Folder::
C:\Program Files\Microsoft Security Adviser



then post a new log from HJT here, plus the ComboFix log that pops up after the scan
then we'll continue further... you've got a lot in there :) so give it some time, so that we can remove it...


User, posted 09.06.2008 22:43

yaJohny wrote: (quoting the ComboFix script from the post above)


ComboFix 08-06-08.8 - Administrator 2008-06-09 22:19:15.1 - NTFSx86
System: Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.47 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mssadv.dll
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\kdlce.exe
C:\WINDOWS\system32\winowl32.dll
C:\WINDOWS\system32\winzzc32.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-08 15:26 . 2008-06-08 15:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 14:52 . 2008-06-08 14:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-06-08 14:35 . 2008-06-08 14:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 00:34 . 2008-06-08 00:34 <DIR> d-------- C:\Program Files\Pet Shop Hop
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Turbo Subs
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Secrets of Great Art
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Real Estate Empire
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Puzzle Mania
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Out Of Your Mind
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Chicken Chase
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Go Go Gourmet
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Go-Go Gourmet
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Fashion Boutique
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Cooking Academy
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Coffee Rush
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Burger Shop
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Buildalot
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\bfgclient
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Beauty Factory
2008-06-08 00:33 . 2008-06-08 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-06 15:37 . 2008-06-06 15:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-06 15:29 . 2008-06-06 15:29 <DIR> d-------- C:\SDFix
2008-06-05 19:53 . 2008-06-08 00:34 <DIR> d-------- C:\Documents and Settings\Administrator\.SunDownloadManager
2008-05-27 16:55 . 2008-05-27 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Total Eclipse
2008-05-22 16:40 . 2008-05-22 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-05-22 16:39 . 2008-05-26 09:17 <DIR> d-------- C:\Program Files\Fashion Solitaire
2008-05-21 18:53 . 2008-06-08 00:33 <DIR> d-------- C:\Program Files\Pizza Chef

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 17:10 --------- d-----w C:\Program Files\Google
2008-06-07 22:33 --------- d-----w C:\Program Files\Chicken Chase
2008-06-07 22:31 --------- d-----w C:\Program Files\Games
2008-06-02 08:19 --------- d-----w C:\Program Files\Winamp
2008-05-31 11:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Image Zone Express
2008-05-29 12:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-26 11:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PlayFirst
2008-05-25 11:31 --------- d-----w C:\Program Files\Java
2008-05-08 15:17 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-04-24 17:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-18 21:23 --------- d-----w C:\Program Files\Believe in Sandy - Holiday Story
2008-04-12 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-12 12:11 0 ----a-w C:\Program Files\temp01
2008-04-07 12:50 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-20 18:19 26,112 ----a-w C:\WINDOWS\system32\winyta32.dll
2008-03-20 18:19 26,112 ----a-w C:\WINDOWS\system32\winnqk32.dll
2008-02-14 03:37 21,920 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e41e543-e069-4197-8608-e8b4c2f75747}]
2008-04-03 06:22 1470488 --a------ C:\Program Files\wellgames\tbwel0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8E41E543-E069-4197-8608-E8B4C2F75747}"= "C:\Program Files\wellgames\tbwel0.dll" [2008-04-03 06:22 1470488]

[HKEY_CLASSES_ROOT\clsid\{8e41e543-e069-4197-8608-e8b4c2f75747}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8E41E543-E069-4197-8608-E8B4C2F75747}"= C:\Program Files\wellgames\tbwel0.dll [2008-04-03 06:22 1470488]

[HKEY_CLASSES_ROOT\clsid\{8e41e543-e069-4197-8608-e8b4c2f75747}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
"CnxDslTaskBar"="C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" [2004-06-16 07:55 233472]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-04 23:20 282624]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-17 14:42 185632]
"MSDisp32"="C:\WINDOWS\system32\drvceb.dll" [ ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-07 14:50 949376]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-08 15:20 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 13:18:00 245760]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WlanUtil.exe [2006-10-04 21:49:47 413696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\ingmodel\\LibRunner.exe"=

R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 07:51]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 07:51]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 07:51]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-08 15:20]
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 11:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 22:25:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
**************************************************************************
.
Completion time: 2008-06-09 22:34:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 20:34:28

Pre-Run: 6,764,261,376 bytes free
Post-Run: 6,776,328,192 bytes free

184


Deleted user
Posted: 09.06.2008 23:22

ComboFix again with this script

Code:
File::
C:\WINDOWS\system32\winyta32.dll
C:\WINDOWS\system32\winnqk32.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDisp32"=-


then paste its log here + a current HijackThis log
//sorry it's so late, I fell asleep :D


User
Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0
Posted: 11.06.2008 16:45

yaJohny wrote:
ComboFix again with this script

Code:
File::
C:\WINDOWS\system32\winyta32.dll
C:\WINDOWS\system32\winnqk32.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDisp32"=-


then paste its log here + a current HijackThis log
//sorry it's so late, I fell asleep :D


I don't know, yesterday I somehow couldn't get onto this site, I already thought the PC was "dying", but today it works. ComboFix ran fine the first time, but after that it acts up somehow: it won't run to the end, it freezes, etc. It doesn't even produce the report it produced the first time, do you know why? It's also a bit of a problem that I know German quite well (I lived there), but no English at all, so with a lot of things I only guess that they might be so... when I install something. So it's pretty much a mess :cheer:


Deleted user
Posted: 11.06.2008 16:48

paste a new HijackThis log and we'll try it with different software, not ComboFix :)


User
Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0
Posted: 11.06.2008 17:30

I had to restart again, that's why it took so long.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05, on 2008-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.10.200.238/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C103AB-7CB3-440C-9568-EF258656C1BC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7C27B3-4DF6-4A1C-824A-8560A802B5CC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2FFDEC-9E61-4F9D-824D-0C681E4CA00E}: NameServer = 85.255.116.141,85.255.112.90
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.ansa.sk/sk/fotogaleria/aron/6.jpg
O24 - Desktop Component 1: (no name) - http://sk1.superhry.cz/c2.php?image=530-140.jpg
O24 - Desktop Component 2: (no name) - http://www.macky.sutaz-infovek.sk/Obrazky/m12.JPG
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 4: (no name) - http://sk1.superhry.cz/c2.php?image=2329-140.jpg

--
End of file - 8663 bytes


Deleted user
Posted: 11.06.2008 17:56

download Avenger: http://swandog46.geekstogo.com/avenger.exe
follow the Avenger guide http://www.pcforum.sk/cistime-napadnuty ... 27265.html and paste this into it:

Code:
Files to delete:
C:\WINDOWS\system32\drvceb.dll
C:\WINDOWS\system32\winyta32.dll
C:\WINDOWS\system32\winnqk32.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run | MSDisp32


the computer may restart, then paste a new HijackThis log

and fix this in HijackThis:
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)


User
Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0
Posted: 11.06.2008 18:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13, on 2008-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwel0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.10.200.238/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C103AB-7CB3-440C-9568-EF258656C1BC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7C27B3-4DF6-4A1C-824A-8560A802B5CC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2FFDEC-9E61-4F9D-824D-0C681E4CA00E}: NameServer = 85.255.116.141,85.255.112.90
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.ansa.sk/sk/fotogaleria/aron/6.jpg
O24 - Desktop Component 1: (no name) - http://sk1.superhry.cz/c2.php?image=530-140.jpg
O24 - Desktop Component 2: (no name) - http://www.macky.sutaz-infovek.sk/Obrazky/m12.JPG
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 4: (no name) - http://sk1.superhry.cz/c2.php?image=2329-140.jpg

--
End of file - 8723 bytes


Deleted user
Posted: 11.06.2008 18:20

post the contents of the file c:\avenger.txt too, otherwise OK :water:

also fix this in HJT:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C103AB-7CB3-440C-9568-EF258656C1BC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7C27B3-4DF6-4A1C-824A-8560A802B5CC}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2FFDEC-9E61-4F9D-824D-0C681E4CA00E}: NameServer = 85.255.116.141,85.255.112.90
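The three entry types the helper asks to have fixed in this thread (the O4 entry loading a DLL through rundll32, the orphaned O20 Winlogon Notify hook, and the O17 NameServer overrides) can be picked out of a HijackThis log mechanically. The following is an added example, not code from the thread or from HijackThis itself; `triage_hjt`, `Finding`, `parse_o17_nameservers` and the private-range check are my own names, and the sample log is constructed from lines quoted earlier in the thread plus one made-up all-zero GUID for the local-DNS case.

```python
# Added example (not the thread's or HijackThis's code): triage the HijackThis
# entry types the helper acted on, over sample lines built from this thread's log.
import re
from dataclasses import dataclass

# Address ranges a home LAN would legitimately use for DNS (RFC 1918 + loopback).
# A static NameServer override pointing anywhere else is worth checking against
# the ISP's real resolvers before it is trusted.
_LOCAL_DNS = (
    re.compile(r"^10\.\d+\.\d+\.\d+$"),
    re.compile(r"^192\.168\.\d+\.\d+$"),
    re.compile(r"^172\.(1[6-9]|2\d|3[01])\.\d+\.\d+$"),
    re.compile(r"^127\.\d+\.\d+\.\d+$"),
)

# Constructed sample: lines taken from the HijackThis log in this thread, plus
# one made-up interface GUID (all zeros) with a private DNS address.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvceb.dll,startup
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C731B93-7944-4A80-98EC-6F1B0E5763A5}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{C176C2EA-F9A2-419E-A5CE-347D45667E02}: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O17"
    reason: str   # why the line was flagged
    line: str     # the log line itself


def is_local_dns(ip: str) -> bool:
    """True if the address lies in a private or loopback range."""
    return any(p.match(ip) for p in _LOCAL_DNS)


def parse_o17_nameservers(line: str) -> list:
    """Extract the DNS addresses from an O17 'NameServer = ...' line.

    HijackThis normally prints them comma-separated, but the log in this
    thread also contains a space-separated variant, so split on either.
    """
    m = re.search(r"NameServer\s*=\s*(.+?)\s*$", line)
    if not m:
        return []
    return [ip for ip in re.split(r"[,\s]+", m.group(1)) if ip]


def triage_hjt(log_text: str) -> list:
    """Walk a HijackThis log and return the entries a helper would ask to fix."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - ") and "rundll32" in line.lower():
            # A Run entry that loads a DLL through rundll32 hides the real
            # payload behind a Windows binary; MSDisp32 in this thread is one.
            findings.append(Finding("O4", "Run entry loads a DLL via rundll32", line))
        elif line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line:
            # Orphaned Winlogon Notify hook: the DLL is gone but the registry
            # entry survived, as with wintfj32 in this thread.
            findings.append(Finding("O20", "Winlogon Notify DLL missing from disk", line))
        elif line.startswith("O17 - "):
            public = [ip for ip in parse_o17_nameservers(line) if not is_local_dns(ip)]
            if public:
                findings.append(Finding(
                    "O17", "static NameServer override to " + ", ".join(public), line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```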


User
Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0
Posted: 11.06.2008 18:28

Shouldn't I remove all those cleaners or analyzers? I have ComboFix, Avenger and SUPERAntiSpyware here, I downloaded all of that while fighting the pest. Thanks anyway. Miro


Deleted user
Posted: 11.06.2008 18:32

also post the output from c:\avenger.txt, and you can delete Avenger and ComboFix together with their file backups in C:\qoobox etc.


User
Registered: 08.06.08
Last login: 14.06.08
Posts: 9
Topics: 0
Posted: 11.06.2008 18:36

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drvceb.dll" not found!
Deletion of file "C:\WINDOWS\system32\drvceb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run|MSDisp32" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

