Obsah fóra
PravidláRegistrovaťPrihlásenie




Odpovedať na tému [ Príspevkov: 4 ] 
AutorSpráva
Offline

Čestný člen
Čestný člen
kontrola HJT

Registrovaný: 10.11.05
Príspevky: 1342
Témy: 67
Bydlisko: Banská Byst...
Príspevok NapísalOffline : 06.07.2008 1:22

dost dlho sa mi vypina PC

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\DU Meter\dumeter.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Programs\Ad-Aware SE Professional\Ad-Watch.exe
D:\Programs\X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\SpeedFan\speedfan.exe
D:\Programs\Widgets\YahooWidgets.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
D:\Programs\NOD32inst\nod32krn.exe
D:\Programs\Widgets\YahooWidgets.exe
D:\Programs\Widgets\YahooWidgets.exe
D:\Programs\Widgets\YahooWidgets.exe
D:\Programs\Widgets\YahooWidgets.exe
d:\programs\nortonut2002\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Programs\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\PnkBstrA.exe
d:\programs\Speed Disk\nopdb.exe
D:\Programs\KerioFW\kpf4ss.exe
D:\Programs\Widgets\YahooWidgets.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Programs\KerioFW\kpf4gui.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
D:\Programs\KerioFW\kpf4gui.exe
D:\Programs\FlashGet\flashget.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\TuneUp 2008\OneClick.exe
D:\Programs\TuneUp 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Opera\opera.exe
D:\Programs\HJthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://chat.icq.com/icqchat/chatroom.php?c_id=23
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programs\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programs\FlashGet\getflash.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\dumeter.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AWMON] "D:\Programs\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Yahoo! Widgets.lnk = D:\Programs\Widgets\YahooWidgets.exe
O4 - Global Startup: Creative Volume Panel.lnk = D:\Programs\X-Fi\Volume Panel\VolPanel.exe
O8 - Extra context menu item: &Stiahnuť položku pomocou FlashGetu - D:\Programs\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stiahnuť všetky položky pomocou FlashGetu - D:\Programs\FlashGet\jc_all.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programs\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programs\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://marzobb.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6449418968
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6449392375
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online2/bejeweled ... der_v6.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{869178B2-5A7A-41A1-B3AE-79A4CA09CE68}: NameServer = 192.168.202.213,192.168.202.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programs\NOD32inst\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - d:\programs\nortonut2002\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Speed Disk service - Symantec Corporation - d:\programs\Speed Disk\nopdb.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Programs\KerioFW\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe







_________________
Bezpodpisoid fórumový
Offline

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 12.06.08
Prihlásený: 16.09.10
Príspevky: 440
Témy: 4
Príspevok NapísalOffline : 06.07.2008 1:32

Ahoj, nevidim tam ziadny malware. Mas podozrenie, ze by tam malo byt nieco skryte? Ak nie, tak len povypinat/odinstalovat zbytocne programy, vycistit docasne adresare, defragmentacia.


Offline

Skúsený užívateľ
Skúsený užívateľ
kontrola HJT

Registrovaný: 10.07.07
Prihlásený: 02.11.17
Príspevky: 1060
Témy: 0
Bydlisko: Bratislava
Príspevok NapísalOffline : 06.07.2008 3:20

Par veci,vlastne "asi viac", ale pouzivas aj dost specifikovane programy (a su najskor O.K.), tak radsej najskor posli vypis z combofix.. aspon sa eliminuje vypis ...a uvidim historiu aj posledne nainstalovane aplikacie...

Stiahni si http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Po spusteni posli vypis:

//Inak prehliadace mas zaprasene ...vidiet BHO, ale z praxe, nie si sam, je to mozne opravit :)







_________________
Nebo je modre, voda je mokra...
Offline

Čestný člen
Čestný člen
kontrola HJT

Registrovaný: 10.11.05
Príspevky: 1342
Témy: 67
Bydlisko: Banská Byst...
Príspevok Napísal autor témyOffline : 06.07.2008 11:58

((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-06 01:30 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-03 15:31 . 2008-07-03 15:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-03 15:31 . 2008-07-03 15:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-01 19:24 . 2008-07-01 19:24 <DIR> d-------- C:\WINDOWS\Sun
2008-06-18 18:18 . 2008-06-18 18:18 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-18 18:18 . 2008-06-18 18:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-18 18:15 . 2008-06-18 18:15 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-18 18:15 . 2008-06-18 18:15 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-06-18 18:15 . 2008-06-18 18:15 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-06-16 16:48 . 2008-06-16 16:54 <DIR> d-------- C:\WINDOWS\NV888244.TMP
2008-06-12 23:47 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 23:47 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 11:39 --------- d-----w C:\Program Files\SpeedFan
2008-07-06 10:54 --------- d-----w C:\Program Files\Yahoo!
2008-07-06 10:49 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-07-06 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-06 10:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 10:27 --------- d-----w C:\Program Files\Folder Lock
2008-07-06 10:26 20 ----a-w C:\sccfg.sys
2008-07-06 10:14 --------- d-----w C:\Program Files\ICQToolbar
2008-07-06 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-05 23:30 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-05 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-07-05 23:23 --------- d-----w C:\Program Files\Spyware Terminator
2008-07-05 23:23 --------- d-----w C:\Documents and Settings\Proxxxycon\Application Data\Spyware Terminator
2008-07-05 16:19 161,396 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-22 20:17 --------- d-----w C:\Documents and Settings\Proxxxycon\Application Data\Skype
2008-06-21 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-06-13 16:22 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:47 --------- d-----w C:\Program Files\Opera
2008-05-16 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 03:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 03:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 03:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 03:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 03:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 03:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 03:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 03:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 03:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 03:40 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 23:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 22:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:13 12,800 ------w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:01 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:45 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 21:09 438,784 ------w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 21:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 21:09 187,392 ------w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:58 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-13 20:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 20:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 20:53 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 20:53 168,448 ------w C:\WINDOWS\system32\wmerror.dll
2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:39 4,096 ------w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 20:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 20:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-12 12:52 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-04 09:11 28,120 ----a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2006-12-01 09:31 22,296 ----a-w C:\Documents and Settings\Proxxxycon\Application Data\GDIPFONTCACHEV1.DAT
1995-09-22 23:10 106,496 ----a-w C:\Documents and Settings\Proxxxycon\SUPER_PI.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_11.47.10,71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 08:47:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 11:38:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-01 22:09:15 177,856 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-06 10:57:19 177,056 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="D:\Programs\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12 517632]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-15 16:19 2582288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [X]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536]
"DU Meter"="C:\Program Files\DU Meter\dumeter.exe" [2007-10-15 16:19 2582288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [2006-08-23 22:15:03 625664]

C:\Documents and Settings\Proxxxycon\Start Menu\Programs\Startup\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-09-17 19:04:02 2902528]
Yahoo! Widgets.lnk - D:\Programs\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Creative Volume Panel.lnk - D:\Programs\X-Fi\Volume Panel\VolPanel.exe [2007-11-29 02:25:50 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programs\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Programs\\FlashGet\\flashget.exe"=
"D:\\Programs\\BearShare\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Programs\\iTunes 7.4\\iTunes.exe"=
"D:\\Games\\Assassins CZ\\AssassinsCreed_Dx9.exe"=
"D:\\Games\\Assassins CZ\\AssassinsCreed_Dx10.exe"=
"D:\\Games\\Assassins CZ\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3132r5.sys [2007-06-01 19:28]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19]
R2 SPF4;Sunbelt Personal Firewall 4;D:\Programs\KerioFW\kpf4ss.exe [2007-04-26 11:21]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 DDCCI;DDC/CI monitor;C:\WINDOWS\system32\DRIVERS\Moni2c.sys [2008-01-24 17:39]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
R3 krait03;Razer krait USB Filter Driver;C:\WINDOWS\system32\Drivers\krait.sys [2005-12-07 17:27]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 21:15]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 00:26]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-18 18:15]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 12:11]
S3 NDSPCIIO;NDSPCIIO;C:\WINDOWS\system32\DRIVERS\NDSPCIIO.SYS []
S3 s3m;s3m;C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 13:50]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;C:\DOCUME~1\PROXXX~1\LOCALS~1\Temp\TCCpuInfo.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-06 01:30]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2007-01-18 13:38]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c341a356-76eb-11db-a1fc-0015f2b16d93}]
\Shell\AutoRun\command - E:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-06 11:38:46 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Programs\TuneUp 2008\OneClickStarter.exe
"2008-06-17 09:55:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-06 11:41:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 13:52:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> D:\Programs\NOD32inst\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\LClock\LC.dll
.
Completion time: 2008-07-06 13:55:01
ComboFix-quarantined-files.txt 2008-07-06 11:54:38
ComboFix2.txt 2008-07-06 09:48:26

Pre-Run: 4,652,949,504 bytes free
15 adresárov, 4,630,319,104 voľných bajtov

204 --- E O F --- 2008-07-04 06:32:37







_________________
Bezpodpisoid fórumový
Odpovedať na tému [ Príspevkov: 4 ] 


Podobné témy

 Témy  Odpovede  Zobrazenia  Posledný príspevok 
V tomto fóre nie sú ďalšie neprečítané témy. HJT kontrola

v Antivíry a antispywary

9

574

09.07.2008 14:30

domcek Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Kontrola logu HJT

v Antivíry a antispywary

1

667

27.10.2007 14:10

Rbot Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Kontrola logu HJT

v Antivíry a antispywary

3

654

17.01.2008 22:18

yaJohny Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. pls kontrola hjt

v Antivíry a antispywary

1

492

08.07.2008 17:46

Tomas1 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Kontrola Logu z hjt

v Antivíry a antispywary

19

800

10.12.2007 20:19

Dzimbo Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Kontrola logu s HJT

v Antivíry a antispywary

7

605

11.06.2008 17:10

Hellboy248 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Kontrola logu s HJT

v Antivíry a antispywary

25

1220

06.06.2008 13:13

yaJohny Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. PLS kontrola log z HJT

v Antivíry a antispywary

22

1132

05.01.2008 12:14

Mandy Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. HJT

v Antivíry a antispywary

15

1462

10.01.2008 22:48

OmeGa Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Preventívka HJT

v Antivíry a antispywary

5

495

06.07.2008 16:11

McDog Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. poistenie + HJT log

v Antivíry a antispywary

1

608

05.10.2008 2:27

Roberbo Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. HJT log - otazka

v Antivíry a antispywary

3

521

05.08.2008 1:13

Roberbo Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosim o kontrolu HJT

v Antivíry a antispywary

10

777

08.01.2008 0:40

domcek Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosim o kontrolu HJT

v Antivíry a antispywary

1

564

09.11.2007 15:45

Rbot Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosím kontrolu logu HJT

v Antivíry a antispywary

9

612

14.12.2007 19:04

alan Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosim o kontrolu HJT

v Antivíry a antispywary

5

537

08.07.2008 1:16

domcek Zobrazenie posledných príspevkov


Nemôžete zakladať nové témy v tomto fóre
Nemôžete odpovedať na témy v tomto fóre
Nemôžete upravovať svoje príspevky v tomto fóre
Nemôžete mazať svoje príspevky v tomto fóre

Skočiť na:  

Powered by phpBB Jarvis © 2005 - 2024 PCforum, webhosting by WebSupport, secured by GeoTrust, edited by JanoF
Ako väčšina webových stránok aj my používame cookies. Zotrvaním na webovej stránke súhlasíte, že ich môžeme používať.
Všeobecné podmienky, spracovanie osobných údajov a pravidlá fóra