[ Posts: 23 ]

User
Posted: 02.10.2007 19:08 | HJT, there is something strange in there...

so here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:47, on 2.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
D:\programy\cistenie od virov\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Application executable file] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8579971355
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: xxywtuu - C:\WINDOWS\SYSTEM32\xxywtuu.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 7313 bytes



and I don't like this line in there:
O20 - Winlogon Notify: xxywtuu - C:\WINDOWS\SYSTEM32\xxywtuu.dll
isn't it something "harmful"?



User
Posted: 02.10.2007 19:15 | HJT, there is something strange in there...

you're right not to like it, fix it :-)


_________________
site admin viry.cz/forum

User
Posted by topic author: 02.10.2007 19:27 | HJT, there is something strange in there...

well, it's not my taste :-D , but no... do you like it???...

I tried to fix it but it's there again... here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:29, on 2.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programy\cistenie od virov\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Application executable file] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8579971355
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: xxywtuu - C:\WINDOWS\SYSTEM32\xxywtuu.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 7167 bytes


should I just delete it normally, e.g. with KillBox!, say after a restart, and unregister the .dll? ;)



Deleted user
Posted: 02.10.2007 19:48 | HJT, there is something strange in there...

better wait for Aviro



User
Posted by topic author: 02.10.2007 20:20 | HJT, there is something strange in there...

Dzimbo wrote:
better wait for Aviro


I already had the honor with Aviro some time ago, and the saying fits him perfectly:
"he is a great man!" he saved my PC when I was already about to reinstall it, and he..., since then I started paying attention to these logs, and now I have a virus myself and I'm trying to find out what I should do, I'd just like to ask for at least a little guidance... ;

But aviro himself wrote not to step into a topic once someone has opened it, until the original adviser no longer knows what to do, and so far ivigirl has not indicated anything like that, so I'll wait, at least for now... :)



Honorary member
Posted: 02.10.2007 20:47 | HJT, there is something strange in there...

when he writes that he doesn't like something (explicitly that he doesn't like it and isn't fond of it, not that it is bad), then he is certainly not sure. so just wait for aviro, or someone else who really knows their stuff.


_________________
PC: ASUS P5B deluxe, Q9400 @ 3.2GHz @ 1.25V, ATi 4670, WD 640GB Samsung 2TB, SB Audigy 2 @ kX drivers, Leadtek DTV 2000H; NB: Fujitsu Siemens Amilo Pi 2530; Foto: Canon EOS 550D @ Tamron VC 17-50mm F/2.8 & Tamron 55-200 F/4-5.6
I do not provide advice over ICQ
"You have not lived, until you found something worth dying for"

If you need something and I have not responded for a while, try IRC

User
Posted: 02.10.2007 21:31 | HJT, there is something strange in there...

aviro901 wrote:
c/ if the user before you has been away for a longer time and you know how to solve the problem

iwi has not been around for a while now, so someone can stand in for her. ;)


Remove it with Killbox (instructions in the announcements) or Avenger.
for Avenger
Code:
Files to delete:
C:\WINDOWS\SYSTEM32\xxywtuu.dll


+ Could you e-mail me the Avenger backup, which will be on C in the Avenger folder ---> backup.zip. If you use Killbox, then the whole Killbox directory on C.

Pack the file into a RAR archive with the password "infected" (Advanced menu - Set password) and send it to threat.samples@gmail.com


If it cannot be deleted, do this:

Download ComboFix -->
http://download.bleepingcomputer.com/sU ... mboFix.exe

Follow the on-screen instructions, do not click, the computer may be restarted. Post the contents of the file C:\ComboFix.txt to the forum.



User
Posted by topic author: 02.10.2007 22:14 | HJT, there is something strange in there...

it couldn't be deleted with either one, here is the ComboFix log:

ComboFix 07-10-02.2 - peter 2007-10-02 22:00:26.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.139 [GMT 2:00]
Running from: C:\Documents and Settings\peter\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\peter\Plocha\internet.lnk
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\WINDOWS\1.exe
C:\WINDOWS\2.exe
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\iexplorer.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-02 21:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 18:59 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2007-10-02 17:45 36,352 --------- C:\WINDOWS\system32\xxywtuu.dll
2007-09-30 22:33 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-09-30 22:33 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-09-30 22:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-30 22:33 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-30 22:33 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-30 22:33 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-09-30 22:33 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-30 22:33 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-30 22:32 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-09-30 20:01 <DIR> d-------- C:\!KillBox
2007-09-30 19:50 <DIR> d-------- C:\Program Files\Vstplugins
2007-09-30 19:50 <DIR> d-------- C:\Program Files\Sony
2007-09-30 19:48 <DIR> d-------- C:\Program Files\Sony Setup
2007-09-27 18:21 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-27 17:32 <DIR> d-------- C:\Program Files\Pointstone
2007-09-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Pointstone
2007-09-25 17:43 441,760 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-09-25 17:43 44,384 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-09-25 17:42 368,736 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys
2007-09-25 17:42 129,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-09-25 17:40 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-09-25 17:40 <DIR> d-------- C:\Program Files\Acronis
2007-09-23 18:52 <DIR> d-------- C:\Program Files\LimeWire
2007-09-23 14:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-19 21:35 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-09-19 17:04 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-16 19:20 <DIR> d-------- C:\Program Files\QIP
2007-09-13 17:13 <DIR> d-------- C:\Program Files\CyberLink
2007-09-12 17:53 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2007-09-12 17:53 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2007-09-12 17:53 <DIR> d-------- C:\Program Files\Avira
2007-09-11 23:03 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-09-11 17:11 <DIR> d-------- C:\Program Files\CCleaner
2007-09-10 21:56 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-09 23:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-09 20:55 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2007-09-09 01:03 88 -r-hs---- C:\WINDOWS\system32\1C6BA2AAD8.sys
2007-09-09 00:56 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-09-08 21:25 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-08 21:16 <DIR> d-------- C:\Program Files\Corel
2007-09-08 18:36 <DIR> d-------- C:\Documents and Settings\peter\Incomplete
2007-09-06 22:28 545 --a------ C:\WINDOWS\UC.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\RAR.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\LHA.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\ARJ.PIF
2007-09-06 22:28 <DIR> d-------- C:\totalcmd
2007-09-05 16:07 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-05 16:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-04 21:18 <DIR> d-------- C:\Program Files\SlySoft
2007-09-04 21:16 86,528 ---h----- C:\WINDOWS\Optimiz.exe
2007-09-04 21:16 0 --a------ C:\WINDOWS\ElbyCDIO.sys
2007-09-04 21:09 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-04 21:09 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2007-09-04 21:09 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll
2007-09-04 21:09 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll
2007-09-04 21:09 1,712,128 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-09-04 21:09 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-09-04 21:09 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-09-03 20:04 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-03 20:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-03 19:57 <DIR> dr-h----- C:\MSOCache
2007-09-03 19:03 <DIR> d-------- C:\Documents and Settings\peter\.borland
2007-09-03 19:00 <DIR> d-------- C:\Program Files\Borland
2007-09-03 17:07 4 --a------ C:\WINDOWS\windebug2561.dll
2007-09-02 18:27 <DIR> d-------- C:\Program Files\PowerISO
2007-09-02 01:15 <DIR> d-------- C:\WINDOWS\Web Download

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 14:47 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-09-29 00:06 --------- d-------- C:\Program Files\Registry Genius
2007-09-27 18:45 --------- d-------- C:\Program Files\BitComet
2007-09-19 21:35 --------- d-------- C:\Program Files\Nero
2007-09-19 21:19 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-13 17:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-03 20:10 --------- d-------- C:\Program Files\MSBuild
2007-09-02 15:22 --------- d-------- C:\Program Files\AusLogics Registry Defrag
2007-09-02 14:41 --------- d-------- C:\Program Files\Disk Cleaner
2007-09-02 14:12 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-01 17:59 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-01 17:55 --------- d-------- C:\Program Files\UltraISO
2007-09-01 17:55 --------- d-------- C:\Program Files\Common Files\EZB Systems
2007-09-01 17:36 --------- d-------- C:\Program Files\MSXML 6.0
2007-09-01 16:23 --------- d-------- C:\Program Files\Reference Assemblies
2007-09-01 14:19 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-01 10:23 --------- d-------- C:\Program Files\ICQ6
2007-08-31 18:25 --------- d-------- C:\Program Files\Realtek
2007-08-31 18:25 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-31 18:21 --------- d-------- C:\Program Files\Motorola
2007-08-31 18:18 --------- d-------- C:\Program Files\Common Files\ATI Technologies
2007-08-31 18:17 --------- d-------- C:\Program Files\ATI Technologies
2007-08-31 18:05 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-31 14:04 222488 --a------ C:\WINDOWS\system32\snapapi.dll
2007-08-28 12:00 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-28 12:00 548864 --a------ C:\WINDOWS\system32\msvcp80.dll
2007-08-28 12:00 1101824 --a------ C:\WINDOWS\system32\mfc80.dll
2007-08-08 09:33 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-08-08 09:33 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-07 02:15 33052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-04 10:40 972072 --a------ C:\WINDOWS\UNRecode.exe
2007-08-04 10:10 95600 --a------ C:\WINDOWS\system32\NeroCo.dll
2007-08-03 12:52 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 C:\WINDOWS\RTHDCPL.exe]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Application executable file"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 07:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"NoThumbnailCache"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E908A6A7-026C-4FBE-93A9-96020BEEAD53}"= C:\WINDOWS\system32\xxywtuu.dll [2007-10-02 17:45 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtuu]
xxywtuu.dll 2007-10-02 17:45 36352 C:\WINDOWS\system32\xxywtuu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe"
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe"
R2 AntiVirScheduler;Avira Premium Security Suite Scheduler;"C:\Program Files\Avira\Avira Premium Security Suite\sched.exe"
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE"
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe"
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 22:07:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AntiVirScheduler]
"ImagePath"="\"C:\Program Files\Avira\Avira Premium Security Suite\sched.exe\""
.
Completion time: 2007-10-02 22:09:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 22:08
.
--- E O F ---



User
Posted by topic author: 02.10.2007 22:16 | HJT, there is something strange in there...

next, I'm posting the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:40, on 2.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\programy\cistenie od virov\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Application executable file] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8579971355
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: xxywtuu - C:\WINDOWS\SYSTEM32\xxywtuu.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 7093 bytes

edit/

I'd like to ask what these 2 are, if you would be so kind ;)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

I once had problems with the internet and used the normal Windows error "finder", but in the end it was the provider... So is this just some record of that?


Posted: 02.10.2007 22:56 | HJT, there is something strange in there...

Open Notepad and paste this into it:
Code:
Collect::
C:\WINDOWS\system32\xxywtuu.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtuu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

Save it to the desktop as CFScript.txt and do this =>

- ComboFix must be on the desktop as well



Test these at http://www.virustotal.com and post the results:

C:\WINDOWS\system32\drivers\tdrpman.sys
C:\WINDOWS\system32\1C6BA2AAD8.sys
C:\WINDOWS\Optimiz.exe
C:\WINDOWS\windebug2561.dll



+ Please send me the Qoobox folder, which is on drive C, and the file submit...., which will be on the desktop after running ComboFix. Pack them into a RAR with the password "infected" and send it to threat.samples@gmail.com


Posted by the thread author: 02.10.2007 23:51 | HJT, there is something strange in there...

so on VirusTotal it only found something for this one:
C:\WINDOWS\Optimiz.exe

AhnLab-V3 2007.10.3.0 2007.10.02 -
AntiVir 7.6.0.18 2007.10.02 -
Authentium 4.93.8 2007.10.02 -
Avast 4.7.1043.0 2007.10.02 -
AVG 7.5.0.488 2007.10.02 -
BitDefender 7.2 2007.10.02 -
CAT-QuickHeal 9.00 2007.10.02 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.02 -
DrWeb 4.44.0.09170 2007.10.02 -
eSafe 7.0.15.0 2007.10.02 suspicious Trojan/Worm
eTrust-Vet 31.2.5179 2007.10.02 -
Ewido 4.0 2007.10.02 -
FileAdvisor 1 2007.10.02 -
Fortinet 3.11.0.0 2007.10.02 -
F-Prot 4.3.2.48 2007.10.01 -
F-Secure 6.70.13030.0 2007.10.02 -
Ikarus T3.1.1.12 2007.10.02 -
Kaspersky 7.0.0.125 2007.10.02 -
McAfee 5132 2007.10.02 -
Microsoft 1.2803 2007.10.02 -
NOD32v2 2566 2007.10.02 -
Norman 5.80.02 2007.10.02 -
Panda 9.0.0.4 2007.10.02 Suspicious file
Prevx1 V2 2007.10.02 -
Rising 19.43.10.00 2007.10.02 -
Sophos 4.22.0 2007.10.02 -
Sunbelt 2.2.907.0 2007.10.02 -
Symantec 10 2007.10.02 -
TheHacker 6.2.6.075 2007.10.01 -
VBA32 3.12.2.4 2007.10.02 -
VirusBuster 4.3.26:9 2007.10.02 -
Webwasher-Gateway 6.0.1 2007.10.02 Win32.Malware.gen (suspicious)


and this is the log ComboFix gave me:

ComboFix 07-10-02.2 - peter 2007-10-02 23:40:04.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.106 [GMT 2:00]
Running from: C:\Documents and Settings\peter\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\peter\Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xxywtuu.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-02 23:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 18:59 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2007-09-30 22:33 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-09-30 22:33 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-09-30 22:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-30 22:33 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-30 22:33 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-30 22:33 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-09-30 22:33 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-30 22:33 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-30 22:32 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-09-30 20:01 <DIR> d-------- C:\!KillBox
2007-09-30 19:50 <DIR> d-------- C:\Program Files\Vstplugins
2007-09-30 19:50 <DIR> d-------- C:\Program Files\Sony
2007-09-30 19:48 <DIR> d-------- C:\Program Files\Sony Setup
2007-09-27 18:21 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-27 17:32 <DIR> d-------- C:\Program Files\Pointstone
2007-09-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Pointstone
2007-09-25 17:43 441,760 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-09-25 17:43 44,384 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-09-25 17:42 368,736 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys
2007-09-25 17:42 129,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-09-25 17:40 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-09-25 17:40 <DIR> d-------- C:\Program Files\Acronis
2007-09-23 18:52 <DIR> d-------- C:\Program Files\LimeWire
2007-09-23 14:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-19 21:35 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-09-19 17:04 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-16 19:20 <DIR> d-------- C:\Program Files\QIP
2007-09-13 17:13 <DIR> d-------- C:\Program Files\CyberLink
2007-09-12 17:53 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2007-09-12 17:53 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2007-09-12 17:53 <DIR> d-------- C:\Program Files\Avira
2007-09-11 23:03 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-09-11 17:11 <DIR> d-------- C:\Program Files\CCleaner
2007-09-10 21:56 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-09 23:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-09 20:55 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2007-09-09 01:03 88 -r-hs---- C:\WINDOWS\system32\1C6BA2AAD8.sys
2007-09-09 00:56 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-09-08 21:25 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-08 21:16 <DIR> d-------- C:\Program Files\Corel
2007-09-08 18:36 <DIR> d-------- C:\Documents and Settings\peter\Incomplete
2007-09-06 22:28 545 --a------ C:\WINDOWS\UC.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\RAR.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\LHA.PIF
2007-09-06 22:28 545 --a------ C:\WINDOWS\ARJ.PIF
2007-09-06 22:28 <DIR> d-------- C:\totalcmd
2007-09-05 16:07 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-05 16:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-04 21:18 <DIR> d-------- C:\Program Files\SlySoft
2007-09-04 21:16 86,528 ---h----- C:\WINDOWS\Optimiz.exe
2007-09-04 21:16 0 --a------ C:\WINDOWS\ElbyCDIO.sys
2007-09-04 21:09 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-04 21:09 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2007-09-04 21:09 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll
2007-09-04 21:09 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll
2007-09-04 21:09 1,712,128 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-09-04 21:09 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-09-04 21:09 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-09-03 20:04 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-03 20:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-03 19:57 <DIR> dr-h----- C:\MSOCache
2007-09-03 19:03 <DIR> d-------- C:\Documents and Settings\peter\.borland
2007-09-03 19:00 <DIR> d-------- C:\Program Files\Borland
2007-09-03 17:07 4 --a------ C:\WINDOWS\windebug2561.dll
2007-09-02 18:27 <DIR> d-------- C:\Program Files\PowerISO
2007-09-02 01:15 <DIR> d-------- C:\WINDOWS\Web Download

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 14:47 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-09-29 00:06 --------- d-------- C:\Program Files\Registry Genius
2007-09-27 18:45 --------- d-------- C:\Program Files\BitComet
2007-09-19 21:35 --------- d-------- C:\Program Files\Nero
2007-09-19 21:19 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-13 17:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-03 20:10 --------- d-------- C:\Program Files\MSBuild
2007-09-02 15:22 --------- d-------- C:\Program Files\AusLogics Registry Defrag
2007-09-02 14:41 --------- d-------- C:\Program Files\Disk Cleaner
2007-09-02 14:12 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-01 17:59 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-01 17:55 --------- d-------- C:\Program Files\UltraISO
2007-09-01 17:55 --------- d-------- C:\Program Files\Common Files\EZB Systems
2007-09-01 17:36 --------- d-------- C:\Program Files\MSXML 6.0
2007-09-01 16:23 --------- d-------- C:\Program Files\Reference Assemblies
2007-09-01 14:19 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-01 10:23 --------- d-------- C:\Program Files\ICQ6
2007-08-31 18:25 --------- d-------- C:\Program Files\Realtek
2007-08-31 18:25 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-31 18:21 --------- d-------- C:\Program Files\Motorola
2007-08-31 18:18 --------- d-------- C:\Program Files\Common Files\ATI Technologies
2007-08-31 18:17 --------- d-------- C:\Program Files\ATI Technologies
2007-08-31 18:05 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-08 09:33 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-08-08 09:33 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-07 02:15 33052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-04 10:40 972072 --a------ C:\WINDOWS\UNRecode.exe
2007-08-03 12:52 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 C:\WINDOWS\RTHDCPL.exe]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Application executable file"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 07:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"NoThumbnailCache"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 23:44:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AntiVirScheduler]
"ImagePath"="\"C:\Program Files\Avira\Avira Premium Security Suite\sched.exe\""
.
Completion time: 2007-10-02 23:47:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 23:46
C:\ComboFix2.txt ... 2007-10-02 22:09
.
--- E O F ---



and I'll send you that e-mail tomorrow, I'm off for today, thanks for now and good night...


Posted by the thread author: 03.10.2007 16:25 | HJT, there is something strange in there...

so I have a problem sending that e-mail :cry: it just won't get to the point of sending it... other e-mails go through fine, but this one just won't... :-)

so I put it here for you as a download link; if you don't mind, you could download it, it's almost 15 MB... :
Code:
http://www.sendspace.com/file/5in2mm




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:12, on 3.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\programy\cistenie od virov\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Application executable file] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8579971355
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 6963 bytes


and this is the new log from HJT... what do you say to it as an expert ;) ????


edit/
is that thing from the VirusTotal test okay?


Posted: 03.10.2007 16:32 | HJT, there is something strange in there...

The logs are clean.


But you tested only one file - you had four. :)
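Checking a cleanup like the one in this thread comes down to comparing the HijackThis log taken before the fix with the one taken after it. The Python below is an added example, not part of the thread or of HijackThis: the sample lines are excerpts from the logs above (the case of one path is varied deliberately), and the `AUTOSTART` set and function names are this example's own assumptions.

```python
import re

# A HijackThis result line is "<section> - <details>",
# e.g. "O20 - Winlogon Notify: name - path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sections this example treats as autostart points (assumption of the example,
# limited to codes seen in the logs above: Run keys, Winlogon Notify, services).
AUTOSTART = {"O4", "O20", "O23"}


def parse_entries(log_text):
    """Map a case-folded comparison key to the original (section, details) pair.

    Windows paths and registry names are case-insensitive, so the key is
    case-folded; the original spelling is kept for reporting.
    """
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            section = m.group(1)
            details = " ".join(m.group(2).split())  # collapse stray whitespace
            entries[(section, details.casefold())] = (section, details)
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) result lines between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [before[k] for k in sorted(before.keys() - after.keys())]
    added = [after[k] for k in sorted(after.keys() - before.keys())]
    return removed, added


def autostart_changes(before_text, after_text):
    """Restrict the diff to the autostart sections listed in AUTOSTART."""
    removed, added = diff_logs(before_text, after_text)
    return ([e for e in removed if e[0] in AUTOSTART],
            [e for e in added if e[0] in AUTOSTART])


# Excerpt of the log saved at 22:15:40 on 2.10.2007 (before the CFScript run).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - Winlogon Notify: xxywtuu - C:\WINDOWS\SYSTEM32\xxywtuu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Excerpt of the log saved at 16:19:12 on 3.10.2007 (after the fix);
# the case of the O4 value is changed here on purpose to exercise case-folding.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O4 - HKLM\..\Run: [RTHDCPL] rthdcpl.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

if __name__ == "__main__":
    gone, new = autostart_changes(BEFORE, AFTER)
    for section, details in gone:
        print("removed:", section, "-", details)
    for section, details in new:
        print("ADDED:  ", section, "-", details)
```

A non-empty "added" list after a cleanup is the result worth a second look, since it means a new autostart entry appeared between the two scans.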


Posted by the thread author: 03.10.2007 16:45 | HJT, there is something strange in there...

aviro901 wrote:
The logs are clean.


But you tested only one file - you had four. :)


I tested all four ;) , it's just that the result was 0 of 32, so I didn't post them here :D

so there's nothing left here now?


Posted: 03.10.2007 17:03 | HJT, there is something strange in there...

Download Avenger -->
http://swandog46.geekstogo.com/avenger.exe

Run – "Input script manually" – magnifying glass – copy the code – "Done" – traffic light – confirm – a PC restart follows
Code:
Drivers to unload:
tdrpman.sys
1C6BA2AAD8.sys

Files to delete:
C:\WINDOWS\system32\drivers\tdrpman.sys
C:\WINDOWS\system32\1C6BA2AAD8.sys
C:\WINDOWS\Optimiz.exe
C:\WINDOWS\windebug2561.dll


Could you send me by e-mail the Avenger backup, which will be on C in the Avenger folder ---> backup.zip

Pack the file into a RAR archive with the password "infected" (Advanced menu - Set password) and send it to threat.samples@gmail.com

Here is WinRAR SK: ftp://ftp.elf.stuba.sk/pub/pc/pack/wr370sk.exe

Thank you :)


Posted by the thread author: 03.10.2007 17:21 | HJT, there is something strange in there...

ok, the backup has been sent by e-mail; to be sure, another log from HJT...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:42, on 3.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\programy\cistenie od virov\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Application executable file] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8579971355
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 7029 bytes


Posted: 03.10.2007 17:26 | HJT, there is something strange in there...

Clean :)


Thank you for the files. ;) Is there any other problem?


Posted by topic author: 03.10.2007 17:33 | HJT, there is something strange in there...

You are thanking me :(

It is rather me who THANKS you very much. No, everything is fine...

See you soon :lol: , or rather not...


Posted by topic author: 03.10.2007 21:17 | HJT, there is something strange in there...

AVIRO, what did you have me delete with that Avenger? :jaw: :jaw: :jaw:

Afterwards I shut down the computer because I was going out... and when I came back and turned the PC on, it would not start: blue screen of death...

So I figured I would go into safe mode and try restoring from that backup... but the funny thing is that not even safe mode works :cry:

I had to reinstall Windows :loony:

So what did I delete that made it crash?


Posted: 03.10.2007 21:24 | HJT, there is something strange in there...

They were completely unknown things about which there is no information => not Windows things

:pat:


Posted by topic author: 03.10.2007 21:42 | HJT, there is something strange in there...

aviro901 wrote:
:pat:


That smiley is a good one ;) , so I guess you don't know why my Windows crashed?


Posted: 03.10.2007 21:57 | HJT, there is something strange in there...

One of the files was most likely part of Acronis. Oh well, it happened. :cry:


Posted by topic author: 03.10.2007 22:10 | HJT, there is something strange in there...

aviro901 wrote:
One of the files was most likely part of Acronis. Oh well, it happened. :cry:


Right, but it worked for a while :-D :-D ... maybe next time... ;)


© 2005 - 2017 PCforum, edited by JanoF