User | Posted: 31.03.2008 18:41 | guys help..... hijack

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:40:19, on 31. 3. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\psimsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Deti\Tibor\delamehudbu\Internet Download Manager\IDMan.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\WINDOWS\Explorer.EXE
C:\Deti\Tibor\delamehudbu\Internet Download Manager\IEMonitor.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Deti\Tibor\Blbosti\Photochopz\resources\Downloads\Programs\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Deti\Tibor\delamehudbu\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Deti\Tibor\delamehudbu\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Deti\Tibor\delamehudbu\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Deti\Tibor\delamehudbu\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Deti\Tibor\delamehudbu\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8742957453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\psimsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 9248 bytes


My main problem is with the connection speed, and sometimes the computer responds slowly.

Please check this for me...... thank you


Experienced user | Posted: 01.04.2008 10:39 | guys help..... hijack

Fix these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

and post the log from ComboFix.


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
User (topic author) | Posted: 01.04.2008 18:49 | guys help..... hijack

ComboFix 08-03-30.5 - Tibor - 2008-04-01 18:37:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.210 [GMT 2:00]
Running from: C:\Documents and Settings\Tibor\Dokumenty\Downloads\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msvcsv60.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-30 10:16 . 2008-03-30 16:32 <DIR> d-------- C:\Documents and Settings\Tibor\Data aplikací\IDM
2008-03-22 13:03 . 2008-03-22 13:03 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-03-22 13:01 . 2008-03-22 13:01 <DIR> d-------- C:\Program Files\Steinberg
2008-03-22 13:01 . 2008-03-22 13:01 <DIR> d-------- C:\Program Files\DigiDesign
2008-03-13 19:24 . 2008-03-13 19:24 <DIR> d-------- C:\Documents and Settings\Tibor\Data aplikací\Sony Ericsson
2008-03-13 17:18 . 2008-03-16 14:03 <DIR> d-------- C:\Documents and Settings\OTO-ECD0B22\Data aplikací\U3
2008-03-12 15:32 . 2008-03-12 15:32 <DIR> d-------- C:\Documents and Settings\OTO-ECD0B22\Data aplikací\Sony Ericsson
2008-03-12 15:04 . 2007-04-04 13:43 23,176 -ra------ C:\WINDOWS\system32\drivers\s716nd5.sys
2008-03-12 15:03 . 2007-04-04 13:43 108,552 -ra------ C:\WINDOWS\system32\drivers\s716mdm.sys
2008-03-12 15:03 . 2007-04-04 13:43 100,360 -ra------ C:\WINDOWS\system32\drivers\s716mgmt.sys
2008-03-12 15:03 . 2007-04-04 13:43 98,952 -ra------ C:\WINDOWS\system32\drivers\s716unic.sys
2008-03-12 15:03 . 2007-04-04 13:43 98,568 -ra------ C:\WINDOWS\system32\drivers\s716obex.sys
2008-03-12 15:03 . 2007-04-04 13:43 15,112 -ra------ C:\WINDOWS\system32\drivers\s716mdfl.sys
2008-03-12 15:03 . 2007-04-04 13:43 12,424 -ra------ C:\WINDOWS\system32\drivers\s716cmnt.sys
2008-03-12 15:03 . 2007-04-04 13:43 12,424 -ra------ C:\WINDOWS\system32\drivers\s716cm.sys
2008-03-12 15:03 . 2007-04-04 13:43 11,016 -ra------ C:\WINDOWS\system32\drivers\s716cr.sys
2008-03-12 15:01 . 2008-03-12 15:04 <DIR> d-------- C:\Documents and Settings\Renata\Data aplikací\Teleca
2008-03-12 14:57 . 2008-03-12 14:57 <DIR> d-------- C:\Documents and Settings\Renata\Data aplikací\Sony Ericsson
2008-03-09 13:46 . 2008-03-09 13:46 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-03-02 19:15 . 2008-03-02 19:15 <DIR> d-------- C:\Documents and Settings\Renata\Data aplikací\GetRight Pro
2008-03-02 16:22 . 2008-03-02 16:23 <DIR> d-------- C:\Documents and Settings\OTO-ECD0B22\Data aplikací\GetRight Pro
2008-03-02 15:23 . 2008-03-02 15:23 <DIR> d-------- C:\Program Files\Webteh
2008-03-02 14:06 . 2008-03-27 18:40 <DIR> d-------- C:\Documents and Settings\Tibor\Data aplikací\GetRight Pro
2008-03-02 14:06 . 2008-03-02 19:15 47 --a------ C:\WINDOWS\.snk
2008-03-02 14:05 . 2008-03-27 18:41 <DIR> d-------- C:\Program Files\GetRight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 16:34 203,684 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-04-01 16:34 203,684 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-04-01 16:34 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-04-01 16:34 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-04-01 16:26 --------- d-----w C:\Documents and Settings\Tibor\Data aplikací\DMCache
2008-04-01 07:12 13,880 ----a-w C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-03-27 18:13 0 -c--a-w C:\WINDOWS\system32\drivers\wnmsav.dat
2008-03-22 11:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 09:21 --------- d-----w C:\Program Files\Patriots
2008-03-14 07:31 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-14 07:31 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-14 07:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2008-03-12 13:32 --------- d-----w C:\Documents and Settings\OTO-ECD0B22\Data aplikací\Teleca
2008-02-29 09:45 --------- d--h--r C:\Documents and Settings\Tibor\Data aplikací\SecuROM
2008-02-28 09:06 --------- d-----w C:\Documents and Settings\OTO-ECD0B22\Data aplikací\MegauploadToolbar
2008-02-28 08:19 --------- d-----w C:\Program Files\Panda Security
2008-02-18 17:15 --------- d-----w C:\Program Files\Bigfish Games 7 Wonders II Second Edition
2008-02-18 17:15 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\7Wonders2
2008-02-15 15:12 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-02-12 17:56 --------- d-----w C:\Documents and Settings\Tibor\Data aplikací\Media Player Classic
2008-02-12 11:43 --------- d-----w C:\Documents and Settings\OTO-ECD0B22\Data aplikací\Media Player Classic
2008-01-12 07:22 5,632 --sha-w C:\Program Files\Thumbs.db
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 12:46 796,672 ----a-w C:\WINDOWS\GPInstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"IDMan"="C:\Deti\Tibor\delamehudbu\Internet Download Manager\IDMan.exe" [2008-03-30 10:17 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AlcFDMonitor"="C:\WINDOWS\ALCFDRTM.EXE" [2007-09-27 18:39 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-18 14:00 143872]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 16:14 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 16:26 2808832 C:\WINDOWS\ALCWZRD.EXE]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 19:30 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 16:17 27952]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 07:59 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Winter Fun Wallpaper Changer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Winter Fun Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Documents and Settings\OTO\Dokumenty\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Deti\Tibor\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]
c:\deti\tibor\projektwerkceug\jojo\muamgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\Spy Emergency 2005\SpyEmergency.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-09-27 07:59 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 15:21 94208 C:\Deti\Tibor\delamehudbu\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8217:TCP"= 8217:TCP:*:Disabled:BitComet 8217 TCP
"8217:UDP"= 8217:UDP:*:Disabled:BitComet 8217 UDP

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 10:19]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 10:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 10:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 10:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 12:39]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 14:29]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 10:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-05-23 16:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 10:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 10:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\drivers\cpoint.sys [2007-06-08 09:44]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS [1999-01-10 14:00]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 21:38]
R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 11:58]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 16:43]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []
S2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 FXDRV;FXDRV;C:\Program Files\SuperUtilities\Fxdrv.sys [2004-06-09 10:56]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-11-26 10:25]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-11-26 10:25]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-06-29 10:59]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 13:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 13:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 13:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 13:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 13:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 13:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31270bd3-edce-11db-a17a-893a815b3c7d}]
\Shell\AutoRun\command - G:\RunGame.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 16:39:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-03-09 11:45:10 C:\WINDOWS\Tasks\Základné čistenie.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
"2008-03-09 11:45:11 C:\WINDOWS\Tasks\Základné čistenie1.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 18:40:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 18:41:27
ComboFix-quarantined-files.txt 2008-04-01 16:41:18
Adresářů: 13, Volných bajtů: 47,632,502,784
Adresářů: 17, Volných bajtů: 47,614,291,968
.
2008-03-21 07:47:58 --- E O F ---



Here you go,

and thanks once again.


Experienced user | Posted: 01.04.2008 20:33 | guys help..... hijack

Paste this script into ComboFix:
Code:
KillAll::

File::
C:\WINDOWS\system32\drivers\wnmsav.dat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31270bd3-edce-11db-a17a-893a815b3c7d}]


© 2005 - 2017 PCforum, edited by JanoF