HJT nevie spraviť log...

HJT66 · Napísal **HJT66**: 24.04.2008 21:20

Idem rovno k veci...
V HJT dám spraviť Scan všetko mi prebehne napíše mi to tam zoznam, ale ako kliknem na tlačítko Save log... tak sa to tlačítko zmení znova na Scan(popr. neikedy sa mi zavrie celý HJT), a neotvorí sa mi Notepad ani nič iné... muśim to nejak spraviť lebo viem že tam mám nejaký spyware. Ak by niekto vedel pomôcť veľmi moc Ďakujem.

br4n0 · Napísal **br4n0**: 24.04.2008 21:24

Rovno použi combofix.

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 21:33

Spraví to rovnaký scan ako HJT? .. Ak áno je niekde tu na fóre link?

br4n0 · Napísal **br4n0**: 24.04.2008 21:36

Áno, áno http://www.pcforum.sk/cistime-napadnuty ... 27265.html

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 21:55

Antivírus mám Avast stačí keď to prebehnem tým?

//Alebo to prejdem tým BitDefenderom online

br4n0 · Napísal **br4n0**: 24.04.2008 21:57

Av vynechaj, chcem len log.

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 21:58

Čiže ani bit defender online? OK tak idem spraviť ten log.

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 22:19

ComboFix 08-04-22.5 - Doma 2008-04-24 22:06:21.1 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.257 [GMT 2:00]
Running from: C:\Documents and Settings\Doma\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Doma\Local Settings\Temporary Internet Files\REG.EXE
C:\Documents and Settings\Doma\Local Settings\Temporary Internet Files\UN32.EXE
C:\Documents and Settings\Doma\Local Settings\Temporary Internet Files\UN32.INI
C:\WINDOWS\system32\cbXQheBQ.dll
C:\WINDOWS\system32\ckelenwh.dll
C:\WINDOWS\system32\eqmvjvte.dll
C:\WINDOWS\system32\etvjvmqe.ini
C:\WINDOWS\system32\fjekcxip.dll
C:\WINDOWS\system32\hcmwaixo.dll
C:\WINDOWS\system32\hwnelekc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oxiawmch.ini
C:\WINDOWS\system32\pixckejf.ini
C:\WINDOWS\system32\rqRJbCro.dll
C:\WINDOWS\system32\vDNpAJjl.ini
C:\WINDOWS\system32\vDNpAJjl.ini2
C:\WINDOWS\system32\VGgQBcdd.ini
C:\WINDOWS\system32\VGgQBcdd.ini2
C:\WINDOWS\system32\wHgMVGgh.ini
C:\WINDOWS\system32\wHgMVGgh.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 13:26 . 2008-04-24 13:26 <DIR> d-------- C:\Program Files\ImTOO
2008-04-22 13:23 . 2008-04-22 16:18 354 ---hs---- C:\WINDOWS\system32\qniteunl.ini
2008-04-20 11:36 . 2008-04-20 13:29 1,470 ---hs---- C:\WINDOWS\system32\tahytalx.ini
2008-04-20 11:33 . 2008-04-20 11:33 1,178 ---hs---- C:\WINDOWS\system32\ehwqxbsn.ini
2008-04-20 03:09 . 2008-04-20 03:14 1,050 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-20 03:06 . 2008-04-20 03:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-20 03:06 . 2008-04-24 22:06 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-20 02:47 . 2008-04-20 03:04 <DIR> d-------- C:\!KillBox
2008-04-19 12:18 . 2008-04-19 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-19 11:59 . 2008-04-19 11:59 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-19 11:32 . 2008-04-20 11:32 1,118 ---hs---- C:\WINDOWS\system32\gaehhyia.ini
2008-04-19 08:46 . 2008-04-24 22:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 08:45 . 2008-04-24 21:55 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-19 08:45 . 2008-04-19 08:45 <DIR> d-------- C:\Documents and Settings\Doma\Application Data\PC Tools
2008-04-19 08:45 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-19 08:45 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-19 08:45 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-19 08:45 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-19 08:29 . 2008-04-19 08:47 466 --ahs---- C:\WINDOWS\system32\ldvdguql.ini
2008-04-19 00:57 . 2008-04-18 17:48 188,416 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-19 00:57 . 2008-04-18 17:48 155,648 --a------ C:\WINDOWS\qtvglped.dll
2008-04-19 00:57 . 2008-04-18 17:48 94,208 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-19 00:57 . 2008-04-18 17:48 86,016 --a------ C:\WINDOWS\rtqmekwg.exe
2008-04-19 00:54 . 2008-04-19 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vuxcfkvu
2008-04-18 20:28 . 2008-04-18 20:30 <DIR> d-------- C:\Documents and Settings\Doma\Application Data\FileZilla
2008-04-18 20:27 . 2008-04-18 20:27 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-04-03 17:26 . 2008-04-03 17:30 <DIR> d-------- C:\Program Files\EA GAMES
2008-04-03 17:21 . 2008-04-03 17:21 <DIR> d-------- C:\Program Files\D-Tools
2008-04-03 17:21 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-04-03 17:21 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-04-03 17:20 . 2008-04-03 17:20 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-02 16:31 . 2008-04-02 16:31 <DIR> d-------- C:\Documents and Settings\Doma\Application Data\Nokia Multimedia Player
2008-04-02 16:26 . 2008-04-02 16:26 2,208 --a------ C:\Documents and Settings\Doma\Application Data\NMM-MetaData.db
2008-04-02 16:21 . 2008-04-02 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-02 16:20 . 2008-04-02 16:20 <DIR> d-------- C:\Program Files\DIFX
2008-04-02 16:20 . 2008-04-02 16:20 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-02 16:20 . 2008-04-02 16:20 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-02 16:20 . 2008-04-02 16:20 <DIR> d-------- C:\Documents and Settings\Doma\Application Data\PC Suite
2008-04-02 16:20 . 2008-04-02 16:21 <DIR> d-------- C:\Documents and Settings\Doma\Application Data\Nokia
2008-04-02 16:19 . 2008-04-02 16:19 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-02 16:19 . 2008-04-02 16:20 <DIR> d-------- C:\Program Files\Nokia
2008-04-02 16:19 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-02 16:19 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-02 16:19 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-02 16:19 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-02 16:19 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-02 16:19 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-02 16:18 . 2008-04-02 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-03-25 12:05 . 2008-03-25 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-03-25 10:14 . 2008-03-25 11:56 <DIR> d-------- C:\Program Files\SimCity Societies
2008-03-25 00:10 . 2008-03-25 00:10 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-25 00:10 . 2008-03-25 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-25 00:07 . 2008-03-25 00:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-24 21:42 . 2008-03-24 21:45 <DIR> d-------- C:\USB
2008-03-24 19:51 . 2008-03-25 02:12 <DIR> d-------- C:\SimCity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 14:49 --------- d-----w C:\Documents and Settings\Doma\Application Data\HLSW
2008-04-23 14:44 --------- d-----w C:\Documents and Settings\Doma\Application Data\ICQ
2008-04-19 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 18:44 --------- d-----w C:\Program Files\ICQ6
2008-04-16 11:08 --------- d-----w C:\Program Files\SwiftKit
2008-04-10 15:34 --------- d-----w C:\Program Files\Opera
2008-04-09 20:53 --------- d-----w C:\Program Files\Scorpions WinCheater
2008-03-27 16:48 --------- d-----w C:\Program Files\Activision
2008-03-27 15:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-27 15:55 22,328 ----a-w C:\Documents and Settings\Doma\Application Data\PnkBstrK.sys
2008-03-25 18:03 --------- d-----w C:\Program Files\Morpheus
2008-03-24 18:46 --------- d-----w C:\Program Files\FlashGet
2008-03-23 23:14 --------- d-----w C:\Program Files\Blitzkrieg 2
2008-03-23 18:42 --------- d-----w C:\Program Files\Setup Files
2008-03-23 18:11 --------- d-----w C:\Program Files\PANZERS - Phase2
2008-03-23 14:55 --------- d-----w C:\Program Files\VIA
2008-03-23 14:37 --------- d-----w C:\Program Files\MSI
2008-03-23 13:38 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-22 14:01 --------- d-----w C:\Documents and Settings\Doma\Application Data\MSN6
2008-03-22 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-21 23:03 --------- d-----w C:\Program Files\IDoser
2008-03-21 19:19 --------- d-s---w C:\Program Files\HLSW
2008-03-20 11:42 --------- d-----w C:\Program Files\Picasa2
2008-03-20 11:42 --------- d-----w C:\Program Files\PhotoFiltre
2008-03-17 17:25 --------- d-----w C:\Program Files\GamePark
2008-03-17 17:08 --------- d-----w C:\Program Files\HP
2008-03-17 17:07 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-17 17:05 --------- d-----w C:\Program Files\Common Files\HP
2008-03-17 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-17 16:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-17 13:32 --------- d-----w C:\Program Files\Zoner
2008-03-17 13:32 --------- d-----w C:\Documents and Settings\Doma\Application Data\Zoner
2008-03-17 03:23 --------- d-----w C:\Program Files\Alwil Software
2008-03-17 02:50 --------- d-----w C:\Program Files\Flarion Desktop Modem USB Driver
2008-03-17 02:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-16 23:56 70,656 ----a-w C:\WINDOWS\notepad.exe
2008-03-16 23:55 32,768 ----a-w C:\WINDOWS\hh.exe
2008-03-16 23:55 224,256 ----a-w C:\WINDOWS\regedit.exe
2008-03-16 23:55 1,656,832 ----a-w C:\WINDOWS\explorer.exe
2008-03-16 23:37 --------- d-----w C:\Documents and Settings\Doma\Application Data\Morpheus
2008-03-16 23:34 --------- d-----w C:\Documents and Settings\Doma\Application Data\InstallShield
2008-03-16 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SwiftKit
2008-03-16 23:15 --------- d-----w C:\Documents and Settings\Doma\Application Data\Nero
2008-03-16 23:14 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-16 23:13 --------- d-----w C:\Program Files\Nero
2008-03-16 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-16 23:00 --------- d-----w C:\Documents and Settings\Doma\Application Data\Winamp
2008-03-16 22:57 --------- d-----w C:\Program Files\Winamp
2008-03-16 22:46 --------- d-----w C:\Program Files\Realtek AC97
2008-03-16 22:10 --------- d-----w C:\Program Files\Java
2008-03-16 22:07 --------- d-----w C:\Program Files\Common Files\Java
2008-03-16 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 21:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-16 21:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-16 21:22 --------- d-----w C:\Program Files\MSBuild
2008-03-16 21:18 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-16 19:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-16 19:16 --------- d-----w C:\Program Files\ASUSTeK
.

------- Sigcheck -------

2008-03-17 01:55 1656832 c58f0e4dae57c0dc304ecc3683958e4c C:\WINDOWS\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2003-03-31 14:00 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 10:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-03-17 01:55 1656832 c58f0e4dae57c0dc304ecc3683958e4c C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-03-17 01:55 1656832 c58f0e4dae57c0dc304ecc3683958e4c C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{293395A1-5959-4EF1-B292-FB34658265A9}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 23:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"abxtkhvk"="C:\WINDOWS\system32\knipahib.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"e0796868"="C:\WINDOWS\system32\aiyhheag.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk.disabled [2008-03-17 19:08:47 1808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"u2IZQ1X4zw"= C:\Documents and Settings\All Users\Application Data\vuxcfkvu\tarodchc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ibffpqxe"=C:\WINDOWS\system32\dmbunqpq.exe
"ICQUpdater"="C:\DOCUME~1\Doma\LOCALS~1\Temp\IcqUpdater.exe" -update 4048 "C:\PROGRA~1\ICQ6\updates" "C:\PROGRA~1\ICQ6" "C:\PROGRA~1\ICQ6\ICQ.exe noupdater=1" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=C:\Program Files\Nero\Nero8\InCD\InCD.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2 - 1.3\\CoD2MP_s.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2 - 1.0\\CoD2MP_s.exe"=
"C:\\CS\\hl.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Blitzkrieg 2\\EXE\\bin\\Game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5190:TCP"= 5190:TCP:ICQ6SK
"5190:UDP"= 5190:UDP:ICQ6SK2

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 23:02]
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2004-04-06 12:30]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2004-04-06 12:31]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 12:58]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-20 01:01]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 09:04]
S3 EnumChip;EnumChip;D:\Driver\Gart\EnumChip.sys []
S3 FlarionDTM;Flarion DTM Network Interface;C:\WINDOWS\system32\DRIVERS\FlrnDTM.sys [2005-05-27 00:06]
S3 HwIOctl;HwIOctl;C:\Program Files\Setup Files\MS-7021 v2.00\HwIOctl.sys []
S3 Memctl;Memctl;C:\Program Files\Setup Files\MS-7021 v2.00\Memctl.sys []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 22:11:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-04-24 22:15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 20:15:14

Pre-Run: 29,846,224,896 bytes free
Post-Run: 30,014,427,136 bytes free

255

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 22:27

Už mi ide aj HJT mám pridať aj log z toho?

br4n0 · Napísal **br4n0**: 24.04.2008 22:38

Toto skopíruj do avengera:

Kód:

drivers to delete:
EnumChip
HwIOctl
Memctl

folders to delete:
C:\Documents and Settings\All Users\Application Data\vuxcfkvu

files to delete:
C:\WINDOWS\system32\tahytalx.ini
C:\WINDOWS\system32\ehwqxbsn.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\gaehhyia.ini
C:\WINDOWS\system32\ldvdguql.ini
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\qtvglped.dll
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\rtqmekwg.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{293395A1-5959-4EF1-B292-FB34658265A9}

registry values to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | abxtkhvk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | e0796868
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run | u2IZQ1X4zw

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 23:02

Prilepil som .. dal execute ale vybehla chyba

Kód:

Error:Invalid script. A valid script must begin with a command directive. Aborting execution!

br4n0 · Napísal **br4n0**: 24.04.2008 23:10

Toto by malo íst. Ak používaš operu, skopíruj to v ie.

Kód:

drivers to delete:
EnumChip
HwIOctl
Memctl

folders to delete:
C:\Documents and Settings\All Users\Application Data\vuxcfkvu

files to delete:
C:\WINDOWS\system32\tahytalx.ini
C:\WINDOWS\system32\ehwqxbsn.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\gaehhyia.ini
C:\WINDOWS\system32\ldvdguql.ini
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\qtvglped.dll
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\rtqmekwg.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{293395A1-5959-4EF1-B292-FB34658265A9}

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | e0796868
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run | u2IZQ1X4zw

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 23:13

Skopírované cez IE (CTRL+C.....) do Avengera ale stále to isté.

br4n0 · Napísal **br4n0**: 24.04.2008 23:25

Neviem, furt to pridáva medzery, keď dám kód. Do tretice:

drivers to delete:
EnumChip
HwIOctl
Memctl

folders to delete:
C:\Documents and Settings\All Users\Application Data\vuxcfkvu

files to delete:
C:\WINDOWS\system32\tahytalx.ini
C:\WINDOWS\system32\ehwqxbsn.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\gaehhyia.ini
C:\WINDOWS\system32\ldvdguql.ini
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\qtvglped.dll
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\rtqmekwg.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{293395A1-5959-4EF1-B292-FB34658265A9}

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | e0796868
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run | u2IZQ1X4zw

Zvoľ štart - spustiť, skopíruj:

reg delete HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v abxtkhvk

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 23:36

Nešlo, tak som to tam skúsil pridávať všetko pod seba, niečo to spravilo

Kód:

//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:01:52 2008

23:01:52: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:02:17 2008

23:02:17: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:03:38 2008

23:03:38: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:03:45 2008

23:03:45: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:12:17 2008

23:12:17: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:12:34 2008

23:12:34: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:13:16 2008

23:13:16: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:13:21 2008

23:13:21: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:13:24 2008

23:13:24: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 23:27:54 2008

23:27:54: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "EnumChip" deleted successfully.
Driver "HwIOctl" deleted successfully.
Driver "Memctl" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\vuxcfkvu" deleted successfully.
File "C:\WINDOWS\system32\tahytalx.ini" deleted successfully.
File "C:\WINDOWS\system32\ehwqxbsn.ini" deleted successfully.
File "C:\WINDOWS\system32\tmp.reg" deleted successfully.
File "C:\WINDOWS\system32\gaehhyia.ini" deleted successfully.
File "C:\WINDOWS\system32\ldvdguql.ini" deleted successfully.
File "C:\WINDOWS\pmsoarbf.dll" deleted successfully.
File "C:\WINDOWS\qtvglped.dll" deleted successfully.
File "C:\WINDOWS\npqtsrak.exe" deleted successfully.
File "C:\WINDOWS\rtqmekwg.exe" deleted successfully.

Error:  registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{293395A1-5959-4EF1-B292-FB34658265A9}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{293395A1-5959-4EF1-B292-FB34658265A9}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|e0796868" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|u2IZQ1X4zw" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Inak pri štarte som musel znova aktivovať Windows

a HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | abxtkhvk je vymazaný tiež

//a SpyBot sa ma pýta na nejakú zmenu c:/cleanup.exe (ale taký súbor na C nemám)

HJT66 · Napísal autor témy **HJT66**: 24.04.2008 23:46

No musím isť spať, zajtra do školy, Ďakujem za pomoc zajtra sa ešte ozvem s novým logom. IT svet potrebuje stále takých ochotných a schopných ľudí ako si ty

Dobrú noc.

HJT nevie spraviť log...

Podobné témy