Miranda - Spam

Dzimbo · Napísal **Dzimbo**: 01.03.2009 10:23

Takze strucne zhrniem problem...pred mesiacom dvoma mi zacali chodit spamy z nahodnych icq cisel pravdepodobne pisane v azbuke alebo inej hatlanine lebo ukazovalo nieco v zmysle

Citácia:

Ďđčâĺň. Ńĺăîäí˙ őîäčëč ďîäęëţ÷ŕňü íîâóţ ńčěęó. îęŕçűâŕĺňń˙, ńĺé÷ŕń ŕęöč˙ ďđîőîäčň: äo ęîíöŕ ěĺń˙öŕ ěîćíî ďoäęëţ÷čňü íŕ âńĺő îďĺđŕňîđŕő 2000 ěčíóň áĺńďëŕňíî, â ÷ĺńňü 20-ňčëĺňč˙ ďĺđâîăî oďĺđŕňîđŕ ěîáčëüíîé ńâ˙çč íŕ ňĺđđčňođčč ŃÍĂ. Oňďđŕâë˙ĺř cěc íŕ íîěĺđ 9099 ń ňĺęńňîě mem2000 ,č ďîëó÷ŕĺřü áĺńďëŕňíî 2000 ěčíóň. Ńóďĺđ, ďî

to by ani tak nevadilo, cislo som vymazal a dal do ignore...lenze teraz mi kamos napisal ze som mu nieco podobne poslal...tusim som to "poslal" aj Qpqkma lebo mi od neho prisla sprava "wtf?"

takze otazka jasna, co sa s tym da robit?

bayo15 · Napísal **bayo15**: 01.03.2009 10:42

Asi mas nieco v PC. Posli log z HJT.

Dzimbo · Napísal autor témy **Dzimbo**: 01.03.2009 11:31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:47, on 1.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programy\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
D:\Programy\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programy\Comodo\Firewall\cfp.exe
D:\Programy\FlashGet\FlashGet.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Programy\DAEMON Tools Lite\daemon.exe
D:\Programy\uTorrent\uTorrent.exe
C:\Documents and Settings\Dzimb0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
D:\Programy\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Programy\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Programy\AIMP2\AIMP2.exe
D:\Programy\Aurora Miranda IM Pack 2\miranda32.exe
D:\Programy\Mozilla Firefox 3\firefox.exe
D:\Programy\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avgnt] "D:\Programy\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Programy\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Programy\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Flashget] "D:\Programy\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "D:\Programy\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dzimb0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Using &BitSpirit - D:\Programy\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programy\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Programy\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Programy\Comodo\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Programy\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Programy\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Stalker (Pro) Drivers Auto Removal (pr2ajtsb) (pr2ajtsb) - 1C: Multimedia - C:\WINDOWS\system32\pr2ajtsb.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6864 bytes

KingTommy · Napísal **KingTommy**: 01.03.2009 12:10

Ja mám v ignore asi 20 takých "uživateľov" z toho asi 10 je pod menom môjho kamaráta. Upozorňoval som ho, ale on to má u prdele... JA mam PC čistý. Všetko hádžem do Ignore. Ale už asi 2 mesiace mi nič neprišlo.

bayo15 · Napísal **bayo15**: 01.03.2009 12:10

Tenti subor otestuj na www.virustotal.com

C:\WINDOWS\system32\pr2ajtsb.exe

Dzimbo · Napísal autor témy **Dzimbo**: 01.03.2009 12:37

nic...ciste

bayo15 · Napísal **bayo15**: 01.03.2009 13:02

Ta sluzba sa mi nezda. Na googly to vedie k rusakom a aj tak je onej malo informacii.

Start -> Spustit -> napis services.msc -> ENTER

Najdi sluzbu Stalker (Pro) Drivers Auto Removal a zastav / zakaz ju.

Ak by to sposobilo nejake problemy tak ju znovu zapni. Ak nie nechaj ju vypnutu a posli novy HJT log. A zisti ci spravy este odosiela.

Dzimbo · Napísal autor témy **Dzimbo**: 01.03.2009 13:42

bola vypnuta tak som ju vyskusal zapnut a vyhodilo nieco v zmysle ze sluzba sa spustila a zase zastavila a ze niektore sluzby sa vypnu ked nic nerobia...prikladam HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:04, on 1.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programy\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
D:\Programy\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Programy\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programy\Comodo\Firewall\cfp.exe
D:\Programy\FlashGet\FlashGet.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Programy\DAEMON Tools Lite\daemon.exe
D:\Programy\uTorrent\uTorrent.exe
C:\Documents and Settings\Dzimb0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
D:\Programy\Aurora Miranda IM Pack 2\miranda32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Programy\AIMP2\AIMP2.exe
D:\Programy\Total Commander 7.03\TOTALCMD.EXE
D:\Programy\Mozilla Firefox 3\firefox.exe
C:\WINDOWS\system32\mmc.exe
D:\Programy\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avgnt] "D:\Programy\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Programy\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Programy\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Flashget] "D:\Programy\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "D:\Programy\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dzimb0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Using &BitSpirit - D:\Programy\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,wbsys.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programy\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Programy\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Programy\Comodo\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Programy\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Programy\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Stalker (Pro) Drivers Auto Removal (pr2ajtsb) (pr2ajtsb) - 1C: Multimedia - C:\WINDOWS\system32\pr2ajtsb.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7004 bytes

bayo15 · Napísal **bayo15**: 01.03.2009 14:32

Spravime to takto:

Aplikuj Combofix:

Citácia:

Stiahni si na plochu

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Nasledne ho spustite (ucet Administratora).
Po spusteni naskocia licencne podmienky s ktorymi suhlaste a pokracujte ANO/YES/OK.
Zacne sken pocas ktoreho neklikajte pomimo okna. Cely sken trva cca. 10 minut.
Po skene ComboFix vygeneruje log, ktory ulozi do cielovej jednotky, napr. c:\ s nazvom ComboFix.log.

Log skopiruj sem.

Dzimbo · Napísal autor témy **Dzimbo**: 01.03.2009 21:23

ComboFix 09-02-28.01 - Dzimb0 2009-03-01 21:16:45.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2045.1450 [GMT 1:00]
Running from: c:\documents and settings\Dzimb0\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
.

2009-02-20 20:36 . 2009-02-20 21:11 <DIR> d-------- C:\Downloads
2009-02-20 09:28 . 2009-02-20 09:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-02-15 19:25 . 2009-02-15 19:26 <DIR> d-------- c:\documents and settings\Dzimb0\Application Data\jabbim
2009-02-07 16:57 . 2009-02-07 16:57 <DIR> dr-h----- c:\documents and settings\Dzimb0\Application Data\SecuROM
2009-02-03 17:13 . 2003-03-19 05:05 89,088 --a------ c:\windows\system32\ATL71.DLL
2009-02-01 15:16 . 2009-02-01 15:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 20:20 --------- d-----w c:\documents and settings\Dzimb0\Application Data\uTorrent
2009-03-01 20:20 --------- d-----w c:\documents and settings\Dzimb0\Application Data\skypePM
2009-03-01 20:20 --------- d-----w c:\documents and settings\Dzimb0\Application Data\Skype
2009-03-01 14:27 --------- d-----w c:\documents and settings\Dzimb0\Application Data\LimeWire
2009-02-25 20:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 20:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-22 20:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-22 18:55 --------- d-----w c:\documents and settings\Dzimb0\Application Data\dvdcss
2009-02-21 07:02 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-31 22:34 --------- d-----w c:\program files\Google
2009-01-31 16:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-31 16:16 --------- d-----w c:\program files\AGEIA Technologies
2009-01-18 16:56 --------- d-----w c:\documents and settings\Dzimb0\Application Data\gtk-2.0
2009-01-13 21:29 --------- d-----w c:\documents and settings\Dzimb0\Application Data\Mp3tag
2009-01-10 18:45 --------- d-----w c:\program files\Yahoo!
2009-01-09 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-05 16:25 --------- d-----w c:\documents and settings\Dzimb0\Application Data\Mount&Blade
2009-01-05 14:10 --------- d-----w c:\documents and settings\Dzimb0\Application Data\BitSpirit
2009-01-01 21:39 --------- d-----w c:\documents and settings\Dzimb0\Application Data\Sony
2009-01-01 21:39 --------- d-----w c:\documents and settings\Dzimb0\Application Data\Publish Providers
2009-01-01 21:35 --------- d-----w c:\program files\Vstplugins
2008-12-26 14:16 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-24 13:28 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-19 23:30 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-12-17 09:57 129,552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2008-12-11 14:00 147,192 ----a-w c:\windows\system32\guard32.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-10 21:57 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-10 19:55 558,142 ----a-w c:\windows\java\Packages\IA179J1B.ZIP
2008-12-10 19:55 155,995 ----a-w c:\windows\java\Packages\F5JLJN1B.ZIP
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"uTorrent"="d:\programy\uTorrent\uTorrent.exe" [2009-02-19 270128]
"Google Update"="c:\documents and settings\Dzimb0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\programy\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="d:\programy\Comodo\Firewall\cfp.exe" [2008-12-11 1797880]
"COMODO Internet Security"="d:\programy\Comodo\Firewall\cfp.exe" [2008-12-11 1797880]
"Flashget"="d:\programy\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 c:\windows\sttray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Dzimb0\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - d:\programy\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 d:\programy\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 d:\programy\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
--a------ 2007-08-27 13:42 517120 d:\programy\ATI Tray Tools\atitray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 d:\programy\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-11 15:15 133104 c:\documents and settings\Dzimb0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 d:\programy\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-24 14:28 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\uTorrent\\uTorrent.exe"=
"d:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programy\\Cerberus\\Cerberus.exe"=
"d:\\Programy\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\BitSpirit\\BitSpirit.exe"=
"d:\\Programy\\FlashGet\\flashget.exe"=
"d:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"d:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ps6ajtsb;Stalker (Pro) Synchronization Driver (ps6ajtsb);c:\windows\system32\drivers\ps6ajtsb.sys [2007-03-05 52104]
R1 atitray;atitray;d:\programy\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-10 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-10 31504]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-01-10 100368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-01-10 41680]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;d:\programy\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-12-10 68865]
R2 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-01-10 81360]
S0 pe3ajtsb;Stalker (Pro) Environment Driver (pe3ajtsb);c:\windows\system32\drivers\pe3ajtsb.sys [2007-03-05 65408]
S2 PDSched;PDScheduler;d:\programy\Raxco\PerfectDisk\PDSched.exe [2005-01-04 237635]
S2 pr2ajtsb;Stalker (Pro) Drivers Auto Removal (pr2ajtsb);c:\windows\system32\pr2ajtsb.exe svc --> c:\windows\system32\pr2ajtsb.exe svc [?]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-12-18 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-12-18 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-12-18 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-12-18 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-12-18 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-12-18 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-12-18 110120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]

2009-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-963894560-839522115-1003.job
- c:\documents and settings\Dzimb0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-11 15:15]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-RGSC - d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

.
------- Supplementary Scan -------
.
IE: &Stáhnout &vše FlashGetem - d:\programy\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - d:\programy\FlashGet\jc_link.htm
IE: Download Using &BitSpirit - d:\programy\BitSpirit\bsurl.htm
IE: E&xportovať do programu Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dzimb0\Application Data\Mozilla\Firefox\Profiles\dj7lucw8.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.pcforum.sk/index.php
FF - plugin: c:\documents and settings\Dzimb0\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\programy\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\Mozilla Firefox 3\plugins\npyaxmpb.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programz\DivX\DivX Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
d:\programy\Mozilla Firefox 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 21:20:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
d:\programy\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
d:\programy\Avira\AntiVir PersonalEdition Classic\avguard.exe
d:\programy\Comodo\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-03-01 21:21:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-01 20:21:52

Pre-Run: 5 575 647 232 bytes free
Post-Run: 5,658,685,440 voľných bajtov

225

bayo15 · Napísal **bayo15**: 02.03.2009 7:26

Log je v poriadku. Ja este zistim dneska ci to moze sposobovat ta sluzba ak ano tak ju odstranime.

bayo15 · Napísal **bayo15**: 02.03.2009 19:09

Subor C:\WINDOWS\system32\pr2ajtsb.exe zraruj a posli na mail diallix@centrum.sk

don jebot · Napísal **don jebot**: 02.03.2009 20:09

tie spamy su z toho ze niekto "inteligntny" z tvojho zoznamu stiahol jeden exe subor co mu poslal nejaky rusak, ten sa spusti a zablokuje ti ucet a ziska tvoje kontakty a uz iba spamuju ..

Dzimbo · Napísal autor témy **Dzimbo**: 02.03.2009 20:20

jak? co? ja sa normalne dostanem na ucet aj pisat v pohode mozem iba rozosielam spamy ked som offline

idem poslat ten subor...

//poslane

don jebot · Napísal **don jebot**: 03.03.2009 11:24

zle som si to precital sry ... lepsie povedane nedocital ..

bayo15 · Napísal **bayo15**: 03.03.2009 16:48

Ten subor je cisty. ...

Dzimbo · Napísal autor témy **Dzimbo**: 05.03.2009 19:30

vyskusam este inu verziu mirandy a uvidim...

Miranda - Spam

Podobné témy