[ Posts: 18 ]
Author / Message

User
How to delete a file?

Registered: 20.01.08
Last login: 06.03.12
Posts: 133
Topics: 35
Location: BA
Posted: 15.06.2008 10:42 | How to delete a file?

Hi all, I have a problem.
1. After a reboot, automatic updates get turned off; even when I turn them on, they turn themselves off again at the next restart.
2. In the SoundMAX control panel, when I change the volume (actually also in the classic Windows volume control...), it stutters terribly and the HDD runs at full speed (I uninstalled and reinstalled the drivers and it didn't help).
Just now, when I clicked on sound devices in the Control Panel, it told me that MMDRIVER.INF is missing (so I'm going to look for it and will let you know).

So I installed HijackThis,
made a log,
had it checked at hijackthis.de.
It found:
!1xX: sys32/geBqkcd.dll
2x?: sys32/knpturt.dll, wvumngyw.dll

So I hit fix and expected it to be deleted... I restart and nothing, it stayed there.

I open HijackThis and go to: Misc Tools section: Delete a file on reboot: I enter the files mentioned, and after the restart nothing... they are still there.

So you can probably see what's bothering me... please advise.

BTW, what occurs to me:
1. get into C: without Windows (like back in DOS; maybe it also works via F8 safe mode.. I don't know, I haven't tried yet... and there use something like erase C:....)
2. install Ubuntu, for example, and delete it from there
3. take the HDD and delete it from another computer (but I have nothing with a SATA bus at hand here)
4. write erase C:..... into autoexec or somewhere (but I assume HijackThis works similarly)

So if you feel like it, please write me what to do about it, and as precisely as possible, because I don't know my way around those abbreviations and such... thanks


Posted by topic author: 15.06.2008 10:47 | How to delete a file?

By the way: searching doesn't work for me in Google, or Yahoo, ... I don't get it, the page loads and when I hit search it just reloads.

So I also have a problem finding that mmdriver.inf file (since it isn't on the Windows CD, where according to the dialog that popped up it should be).


_________________
q6600, 9800gtx, maximus formula
User

Registered: 28.07.07
Posts: 3210
Topics: 41
Location: Brno
Posted: 15.06.2008 10:56 | How to delete a file?

How about sharing the log with us too? :)


_________________
PC: CPU: Intel i7 5820k @ 4.2 Ghz Cooler: NZXT Kraken x41 MB: ASUS X99-A GPU: ASUS Stryx 970 GTX 4GB RAM: 32 GB Kingston 2133 DDR4 SSD: Kingston Hyperx 240 GB HDD1: Seagate Barracuda 7200.14 3TB HDD2: Seagate Barracuda 7200 1TB PSU: Corsair RM 850 Case: NZXT Phantom 410 white LCD: DELL P2416D @ 75Hz AUDIO: Yamaha RN500 Repro: DALI Zensor 5 Phone: Galaxy S8+
NB: Lenovo Y500
Posted by topic author: 15.06.2008 11:03 | How to delete a file?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:47, on 15.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - C:\WINDOWS\system32\geBqQKcD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {EBBB5850-9344-4F8B-B7C4-EAD422B5E597} - C:\WINDOWS\system32\wvUmNGyw.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM5fa83c9e] Rundll32.exe "C:\WINDOWS\system32\knptawrt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: geBqQKcD - C:\WINDOWS\SYSTEM32\geBqQKcD.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\wave\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6617 bytes


Posted by topic author: 15.06.2008 11:20 | How to delete a file?

Now this is really something, I can't even open some discussions, for example: Čistíme napadnutý počítač (Cleaning an infected computer)

And where the ad is at the top, PORN shows up for me... seriously, sometimes those blue headings load, sometimes nothing, and sometimes porn pictures


Posted: 15.06.2008 11:23 | How to delete a file?

Use VundoFix according to the guide: http://www.viry.cz/forum/viewtopic.php?t=16634
Then post a new HijackThis log here.


Posted by topic author: 15.06.2008 11:47 | How to delete a file?

So I did it with both the first and the second program in safe mode (it found it in c//programfiles/powerISO/pwrisosh.dll)

It probably removed it since it's no longer there, but Google doesn't work and the porn still shows up.. the sound issue remained too, only automatic update no longer acts up, it's set to ON as normal..


HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:20, on 15.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5E6A124D-D5F8-42FC-A916-C45BFE0F0690} - C:\WINDOWS\system32\wvUmNGyw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM5fa83c9e] Rundll32.exe "C:\WINDOWS\system32\knptawrt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\wave\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6386 bytes


Posted: 15.06.2008 11:52 | How to delete a file?

Run ComboFix with this script according to the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Code:
File::
C:\WINDOWS\system32\wvUmNGyw.dll
C:\WINDOWS\system32\knptawrt.dll


Paste the ComboFix log here.
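
Comparing the two HijackThis logs posted above shows which flagged autostart entries survived VundoFix; the sketch below is an added example, not part of the thread and not the helper's own method. The log lines are copied from the two logs in this thread; the `FLAGGED` list (the three system32 DLLs, spelled as in the log) and all function names are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Autostart lines copied from the two HijackThis logs in this thread
# (scan at 10:23:47 and scan at 11:40:20); unrelated lines are omitted.
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - C:\WINDOWS\system32\geBqQKcD.dll
O2 - BHO: (no name) - {EBBB5850-9344-4F8B-B7C4-EAD422B5E597} - C:\WINDOWS\system32\wvUmNGyw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM5fa83c9e] Rundll32.exe "C:\WINDOWS\system32\knptawrt.dll",s
O20 - Winlogon Notify: geBqQKcD - C:\WINDOWS\SYSTEM32\geBqQKcD.dll
"""
LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5E6A124D-D5F8-42FC-A916-C45BFE0F0690} - C:\WINDOWS\system32\wvUmNGyw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM5fa83c9e] Rundll32.exe "C:\WINDOWS\system32\knptawrt.dll",s
"""

# Assumption: the three DLLs the online check flagged, spelled as in the log.
FLAGGED = {"gebqqkcd.dll", "wvumngyw.dll", "knptawrt.dll"}

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str            # HijackThis section code, e.g. "O2", "O4", "O20"
    target: str             # lower-cased file name the entry loads
    clsid: Optional[str]    # CLSID for BHO-style entries, else None


def parse(log: str) -> list:
    """Extract (section, target file, CLSID) from the O-section lines."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = PATH_RE.search(m.group(2))
        if not path:
            continue  # entries without a full path are ignored in this sketch
        clsid = CLSID_RE.search(m.group(2))
        name = path.group(0).rsplit("\\", 1)[-1].lower()
        entries.append(Entry(m.group(1), name,
                             clsid.group(0).upper() if clsid else None))
    return entries


def diff(before: str, after: str) -> dict:
    """Map (section, target) to removed / new / re-registered / unchanged.

    Entries are keyed by section and file name, so several Run values for
    the same file collapse into one key.
    """
    b = {(e.section, e.target): e.clsid for e in parse(before)}
    a = {(e.section, e.target): e.clsid for e in parse(after)}
    status = {}
    for key in b.keys() | a.keys():
        if key not in a:
            status[key] = "removed"
        elif key not in b:
            status[key] = "new"
        elif a[key] != b[key]:
            status[key] = "re-registered"   # same file, different CLSID
        else:
            status[key] = "unchanged"
    return status


def still_loaded(status: dict, flagged: set) -> list:
    """Flagged files that some autostart entry still references afterwards."""
    return sorted({target for (_, target), state in status.items()
                   if target in flagged and state != "removed"})


if __name__ == "__main__":
    result = diff(LOG_BEFORE, LOG_AFTER)
    for (section, target), state in sorted(result.items()):
        print(f"{section:<4}{target:<20}{state}")
    print("still loaded:", still_loaded(result, FLAGGED))
```

The two files it reports as still loaded are the same two listed in the script above.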


Posted by topic author: 15.06.2008 11:54 | How to delete a file?

Now, out of nowhere, that gebqkcd.dll in system32 is shown as gebgkcd.dll.vir

So I deleted it, and a normal delete works...


Posted by topic author: 15.06.2008 11:55 | How to delete a file?

I'm going to run ComboFix, but it will take longer, because this thread won't display on my PC.. so I'm running over to my brother's


Posted by topic author: 15.06.2008 12:02 | How to delete a file?

Should there be 2 colons??? file::


Posted: 15.06.2008 12:04 | How to delete a file?

wave wrote:
Should there be 2 colons??? file::


Yes, there should.


Posted by topic author: 15.06.2008 12:07 | How to delete a file?

OK, I'm now waiting those 10 minutes...


Posted by topic author: 15.06.2008 12:14 | How to delete a file?

ComboFix 08-06-12.2 - wave 2008-06-15 12:06:35.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2835 [GMT 2:00]
Running from: C:\Documents and Settings\wave\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\wave\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\knptawrt.dll
C:\WINDOWS\system32\wvUmNGyw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM5fa83c9e.xml
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cqonjobi.dll
C:\WINDOWS\system32\eflvfuam.ini
C:\WINDOWS\system32\ibojnoqc.ini
C:\WINDOWS\system32\knptawrt.dll
C:\WINDOWS\system32\wvUmNGyw.dll
C:\WINDOWS\system32\wyGNmUvw.ini
C:\WINDOWS\system32\wyGNmUvw.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 15:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 20:46 6,554,496 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-26 20:45 219952]
"Infium"="C:\Program Files\QIP Infium\infium.exe" [2008-04-07 16:54 4139008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"BM5fa83c9e"="C:\WINDOWS\system32\knptawrt.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZyXEL G-302 v3 Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-302 v3 Utility.lnk
backup=C:\WINDOWS\pss\ZyXEL G-302 v3 Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-08-20 15:51 40960 C:\WINDOWS\VM_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\mslatest_updt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"WZCSVC"=2 (0x2)
"Webcam Corp. Service Starter"=3 (0x3)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\counter-strike\\hl.exe"=
"E:\\_gamesky\\BF2\\BF2.exe"=
"E:\\_gamesky\\BF2\\Bf2_w32ded.exe"=
"E:\\_gamesky\\hl2\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"E:\\_gamesky\\colinDirt\\DiRT.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\_gamesky\\grid\\GRID.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\half-life 2 deathmatch\\hl2.exe"=
"E:\\_gamesky\\cod4\\iw3mp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Windows Media Format SDK (webcam.exe)

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 14:00]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\wave\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 08:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-27 06:55]
S4 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\Webcam123\dogsvc.exe []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:23:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 12:11:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-15 12:13:39 - machine was rebooted [wave]
ComboFix-quarantined-files.txt 2008-06-15 10:13:22

Pre-Run: 84,585,877,504 bytes free
Post-Run: 84,538,785,792 bytes free

296 --- E O F --- 2008-06-12 08:26:18


_________________
q6600, 9800gtx, maximus formula
Posted by topic author: 15.06.2008 12:17 | how to remove a file?

Google works for me and so does everything else, only the SoundMAX control panel didn't start... but the sound works and the volume control doesn't stutter... I'll try a restart and then the driver from the motherboard CD if the control panel doesn't come up...

It looks like it's solved. If we ever happen to meet, I owe you a pile of beers, thanks sooooo much


Posted: 15.06.2008 12:34 | how to remove a file?

Also run ComboFix with this script:

Code:
File::
C:\WINDOWS\popcinfot.dat

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM5fa83c9e"=-

Driver::
SessionLauncher


Posted by topic author: 15.06.2008 13:01 | how to remove a file?

Oh, I didn't notice the second page... I'm on it


Posted by topic author: 15.06.2008 13:19 | how to remove a file?

ComboFix 08-06-12.2 - wave 2008-06-15 13:03:44.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2816 [GMT 2:00]
Running from: C:\Documents and Settings\wave\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\wave\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\popcinfot.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\PWRISOSH.DLL.bad
C:\WINDOWS\popcinfot.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SESSIONLAUNCHER
-------\Service_SessionLauncher


((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-15 12:59 . 2008-06-15 12:59 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-06-15 11:01 . 2008-06-15 11:00 1,404 --a------ C:\WINDOWS\system32\MMDRIVER.inf
2008-06-15 02:34 . 2008-06-15 02:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 02:09 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-15 02:09 . 2008-06-15 02:09 <DIR> d-------- C:\Documents and Settings\wave\Application Data\vlc
2008-06-15 02:04 . 2008-06-15 02:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-15 01:58 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\Analog Devices(2)
2008-06-15 01:57 . 2008-06-15 02:09 <DIR> d-------- C:\WINDOWS\AsDmiHtm
2008-06-13 17:31 . 2008-06-13 17:42 <DIR> d-------- C:\Documents and Settings\wave\Graphisoft
2008-06-13 17:31 . 2008-06-13 17:42 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Graphisoft
2008-06-13 17:12 . 2008-06-13 17:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-06-13 17:12 . 2008-06-13 17:12 7,309 --a------ C:\WINDOWS\vpd.properties
2008-06-13 17:11 . 2008-06-13 17:11 <DIR> d-------- C:\Program Files\Graphisoft
2008-06-13 16:42 . 2008-06-13 16:43 <DIR> d-------- C:\Program Files\Revit Architecture 2009
2008-06-13 16:24 . 2007-01-10 14:00 244,736 --------- C:\WINDOWS\system32\drivers\c2scsi.sys
2008-06-13 16:21 . 2008-06-13 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-13 15:15 . 2008-06-13 15:15 <DIR> d-------- C:\Program Files\Bonjour
2008-06-13 15:04 . 2008-06-13 15:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-11 13:37 . 2008-06-13 19:21 <DIR> d-------- C:\Program Files\Opera
2008-06-11 13:01 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:01 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:33 . 2008-06-13 19:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 21:33 . 2008-06-15 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskShare
2008-06-10 21:31 . 2008-06-10 21:31 <DIR> d-------- C:\Documents and Settings\wave\Application Data\DivX
2008-06-09 15:31 . 2008-06-09 15:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 15:31 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-09 15:30 . 2008-06-09 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-09 15:08 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-09 15:06 . 2008-06-13 16:47 <DIR> d-------- C:\Program Files\DivX
2008-06-08 14:26 . 2008-06-08 14:26 <DIR> d-------- C:\WINDOWS\Sun
2008-06-08 11:26 . 2008-06-08 11:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-08 11:25 . 2008-06-08 11:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-08 11:24 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-08 11:02 . 2008-06-15 02:16 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-06-07 23:41 . 2008-06-15 13:00 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 23:41 . 2008-06-15 12:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-07 11:39 . 2008-06-07 17:11 <DIR> d-------- C:\Program Files\Java
2008-06-07 11:39 . 2008-06-07 11:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 11:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-05 23:26 . 2008-06-05 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-05 23:21 . 2008-06-05 23:21 <DIR> d-------- C:\Program Files\OpenAL
2008-06-05 00:34 . 2008-06-05 00:34 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-05 00:34 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-05 00:34 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-05 00:34 . 2008-06-15 13:12 182,851 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-05 00:34 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-06-05 00:34 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-06-05 00:34 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-06-05 00:34 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-06-05 00:34 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-04 23:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-04 23:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-04 23:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-04 23:19 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-04 23:19 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-06-04 23:18 . 2008-06-09 15:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 23:18 . 2008-06-15 13:00 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 23:18 . 2008-06-15 13:00 22,328 --a------ C:\Documents and Settings\wave\Application Data\PnkBstrK.sys
2008-06-04 23:18 . 2008-06-04 23:18 276 --a------ C:\WINDOWS\game.ini
2008-06-04 23:08 . 2008-06-04 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-04 20:17 . 2008-06-13 16:32 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Roxio
2008-06-04 20:17 . 2008-06-04 20:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-06-04 17:59 . 2008-06-04 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-04 17:58 . 2008-06-15 02:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Program Files\SmartSound Software
2008-06-04 17:56 . 2008-06-15 03:03 <DIR> d-------- C:\Program Files\Roxio
2008-06-04 17:56 . 2008-06-15 02:57 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-04 17:56 . 2008-06-15 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-04 17:54 . 2008-06-04 17:54 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-06-04 15:32 . 2008-06-04 15:32 <DIR> d-------- C:\Program Files\Xvid
2008-06-04 15:32 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-04 15:32 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-04 15:32 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-04 11:45 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-04 11:45 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-06-04 11:45 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-06-04 11:45 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-06-04 11:45 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-06-04 03:01 . 2008-06-04 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-04 03:01 . 2008-06-04 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-04 03:00 . 2008-06-04 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-02 19:56 . 2008-06-13 16:50 <DIR> d-------- C:\Program Files\TV JOJ Media Player
2008-06-01 21:46 . 2008-06-01 21:59 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-06-01 21:46 . 2008-06-13 17:43 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Autodesk
2008-06-01 21:46 . 2008-06-13 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-01 21:45 . 2008-06-15 02:16 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 21:45 . 2008-06-13 16:40 <DIR> d-------- C:\Program Files\Autodesk
2008-06-01 18:53 . 2008-06-01 18:53 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-01 18:44 . 2008-06-01 18:44 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Windows Desktop Search
2008-06-01 18:32 . 2008-06-01 18:32 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-06-01 17:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-01 17:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-01 17:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-01 17:38 . 2008-06-01 17:38 <DIR> d-------- C:\Program Files\Common Files\HP
2008-06-01 17:37 . 2008-06-01 17:37 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-01 17:37 . 2008-06-01 17:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-01 17:35 . 2005-03-08 06:43 51,120 --------- C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-01 17:35 . 2005-03-08 06:43 16,496 --------- C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-01 17:34 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-01 17:34 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-06-01 17:34 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-06-01 17:34 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-06-01 17:34 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-06-01 17:34 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-06-01 17:34 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-06-01 17:34 . 2005-03-08 06:43 21,744 --------- C:\WINDOWS\system32\drivers\HPZius12.sys
2008-06-01 17:34 . 2004-08-03 22:58 15,104 --------- C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-01 17:34 . 2004-08-03 22:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-01 17:27 . 2008-06-01 17:39 <DIR> d-------- C:\Program Files\HP
2008-06-01 17:27 . 2004-08-03 23:01 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-01 17:27 . 2004-08-03 23:01 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-01 17:25 . 2008-06-01 17:42 <DIR> d-------- C:\Documents and Settings\wave\Application Data\HP
2008-06-01 17:25 . 2008-06-01 17:44 112,902 --a------ C:\WINDOWS\hpoins07.dat
2008-06-01 17:25 . 2005-05-24 04:48 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-06-01 17:23 . 2008-06-01 17:23 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-01 17:22 . 2008-06-08 11:27 <DIR> d-------- C:\Program Files\MSBuild
2008-06-01 17:22 . 2008-06-01 17:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-01 17:20 . 2008-06-01 17:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-01 17:20 . 2008-06-01 17:20 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-01 17:20 . 2008-06-01 17:20 <DIR> dr-h----- C:\MSOCache
2008-06-01 17:20 . 2008-06-10 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-01 10:42 . 2008-06-01 10:42 <DIR> d-------- C:\Program Files\IrfanView
2008-06-01 10:42 . 2008-06-09 08:06 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 15:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 20:46 6,554,496 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_12.13.14.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 10:10:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 11:07:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 10:59:36 9,662 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2008-06-15 10:59:36 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-06-15 10:59:36 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-26 20:45 219952]
"Infium"="C:\Program Files\QIP Infium\infium.exe" [2008-04-07 16:54 4139008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZyXEL G-302 v3 Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-302 v3 Utility.lnk
backup=C:\WINDOWS\pss\ZyXEL G-302 v3 Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-08-20 15:51 40960 C:\WINDOWS\VM_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\mslatest_updt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"WZCSVC"=2 (0x2)
"Webcam Corp. Service Starter"=3 (0x3)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\counter-strike\\hl.exe"=
"E:\\_gamesky\\BF2\\BF2.exe"=
"E:\\_gamesky\\BF2\\Bf2_w32ded.exe"=
"E:\\_gamesky\\hl2\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"E:\\_gamesky\\colinDirt\\DiRT.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\_gamesky\\grid\\GRID.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\half-life 2 deathmatch\\hl2.exe"=
"E:\\_gamesky\\cod4\\iw3mp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"E:\\_gamesky\\crysis_wvn\\Bin32\\Crysis.exe"=
"E:\\_gamesky\\crysis_wvn\\Bin32\\CrysisDedicatedServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Windows Media Format SDK (webcam.exe)

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 14:00]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 08:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-27 06:55]
S4 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\Webcam123\dogsvc.exe []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:23:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 13:12:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-15 13:16:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 11:15:43
ComboFix2.txt 2008-06-15 10:13:40

Pre-Run: 84,361,220,096 bytes free
Post-Run: 84,356,780,032 bytes free

303 --- E O F --- 2008-06-12 08:26:18


_________________
q6600, 9800gtx, maximus formula

© 2005 - 2017 PCforum, edited by JanoF