[ Posts: 19 ]
Author | Message
Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted: 12.06.2008 15:38 | Virus removal

Hi, please help me remove a considerable number of viruses from my PC, thanks. ;)


Offline

User

Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno
Posted: 12.06.2008 15:39 | Virus removal

HijackThis log:
http://www.pcforum.sk/cistime-napadnuty ... 27265.html


_________________
PC: CPU: Intel i7 5820k @ 4.2 Ghz Cooler: NZXT Kraken x41 MB: ASUS X99-A GPU: ASUS Stryx 970 GTX 4GB RAM: 32 GB Kingston 2133 DDR4 SSD: Kingston Hyperx 240 GB HDD1: Seagate Barracuda 7200.14 3TB HDD2: Seagate Barracuda 7200 1TB PSU: Corsair RM 850 Case: NZXT Phantom 410 white LCD: DELL P2416D @ 75Hz AUDIO: Yamaha RN500 Speakers: DALI Zensor 5 Phone: Galaxy S8+
NB: Lenovo Y500
Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted by topic author: 12.06.2008 15:42 | Virus removal

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:48, on 12.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB4SWK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqdstcp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gespa.szm.sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {EA2683D6-5700-45ED-AA01-8D66F1637E5D} - C:\WINDOWS\system32\khfec.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5242 bytes


Offline

User

Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno
Posted: 12.06.2008 15:51 | Virus removal

also a ComboFix log:
http://www.pcforum.sk/cistime-napadnuty ... 27265.html

turn off resident protection and run ComboFix according to the guide


Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted by topic author: 12.06.2008 16:06 | Virus removal

ComboFix 08-06-10.5 - PETO 2008-06-12 16:02:21.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.676 [GMT 2:00]
Running from: D:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\WINDOWS\123messenger.per
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\browserad.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\ntnut.exe
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\winsb.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-11 10:38 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 15:57 . 2008-06-06 15:58 162 --a------ C:\$temp$.html
2008-06-06 15:55 . 2008-06-06 15:55 <DIR> d-------- C:\Program Files\Golden
2008-05-12 18:44 . 2008-05-12 18:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-12 18:44 . 2008-05-12 18:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-12 18:44 . 2008-05-12 18:44 <DIR> d-------- C:\Program Files\MSBuild
2008-05-12 18:43 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-12 18:37 . 2008-05-12 18:37 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 09:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-11 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-02 21:20 --------- d-----w C:\Program Files\Opera
2008-05-29 13:07 --------- d-----w C:\Documents and Settings\PETO\Application Data\Skype
2008-05-29 09:05 --------- d-----w C:\Documents and Settings\PETO\Application Data\skypePM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 12:24 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-03 09:15 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-25 18:10 --------- d-----w C:\Program Files\RAPID UPLOADER
2008-04-22 12:56 --------- d-----w C:\Program Files\2K Sports
2008-04-22 11:02 160,432 ----a-w C:\WINDOWS\Winter Challenge 2008 Uninstaller.exe
2008-04-22 11:01 --------- d-----w C:\Program Files\Kalypso
2008-04-22 08:32 --------- d-----w C:\Program Files\ICQ6
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-15 13:35 --------- d-----w C:\Program Files\LAN Consult
2008-04-15 13:19 --------- d-----w C:\Documents and Settings\PETO\Application Data\Faktury Plus
2008-04-15 13:08 --------- d-----w C:\Program Files\Faktury Plus
2008-04-14 11:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-12 17:33 --------- d-----w C:\Program Files\EA SPORTS
2008-04-12 17:11 --------- d-----w C:\Documents and Settings\PETO\Application Data\Passolo Demo
2008-04-12 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Passolo Demo
2008-03-28 21:31 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-28 21:31 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 23:41 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-08 03:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA2683D6-5700-45ED-AA01-8D66F1637E5D}]
C:\WINDOWS\system32\khfec.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-12 11:56 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 09:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 09:19 323584 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-03 11:15 1817600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"P17Helper"="P17.dll" [2005-05-03 20:38 64512 C:\WINDOWS\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Samsung Multimedia Keyboard.lnk - C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe [2008-01-08 01:39:37 585728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-12 11:56 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=C:\WINDOWS\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 13:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 13:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-09 18:16 90112 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2003-09-23 12:04 32768 C:\PROGRA~1\Pinnacle Systems\PPE\PPE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-12-04 13:34 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 11:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2008-02-20 17:19 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-05-03 11:15]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 12:47]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 13:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 13:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 13:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 13:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 13:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 13:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 13:56]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 16:03:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-12 16:04:35
ComboFix-quarantined-files.txt 2008-06-12 14:04:32

Pre-Run: 11,039,105,024 bytes free
Post-Run: 11,029,385,216 bytes free

175 --- E O F --- 2008-06-11 08:50:35


Offline

User

Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno
Posted: 12.06.2008 16:25 | Virus removal

run ComboFix with this script

Code:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA2683D6-5700-45ED-AA01-8D66F1637E5D}]


fix in HijackThis:
O2 - BHO: (no name) - {EA2683D6-5700-45ED-AA01-8D66F1637E5D} - C:\WINDOWS\system32\khfec.dll (file missing)

otherwise OK, are you having any problems?


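The fix proposed in the post above (a ComboFix `Registry::` script plus a HijackThis fix for the same BHO) is mechanical once the log is parsed. As an added example, not code from the thread or from either tool, the following Python script reads HijackThis `O2 - BHO:` lines, flags the ones HijackThis marked `(file missing)` (the registry still points at a DLL that no longer exists, so the entry is an orphan that can be removed without touching a live file), and emits the matching ComboFix `Registry::` block in the same syntax the helper used. The sample log lines are constructed from this thread's log; the function names and the regular expression are my own assumptions about the line format shown here.

```python
import re

# Constructed sample: two O2 lines and one O4 line copied from the HijackThis
# log posted in this thread. Only the khfec.dll entry is marked (file missing).
SAMPLE_HJT_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O2 - BHO: (no name) - {EA2683D6-5700-45ED-AA01-8D66F1637E5D} - C:\\WINDOWS\\system32\\khfec.dll (file missing)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
"""

# O2 line layout as it appears in the thread:
#   O2 - BHO: <name> - {<CLSID>} - <dll path>[ (file missing)]
# A CLSID is 32 hex digits plus 4 hyphens = 36 characters between the braces.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


def parse_bho_entries(log_text):
    """Return one dict per O2 (Browser Helper Object) line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if not m:
            continue
        entries.append({
            "line": line,                      # what to tick in HijackThis
            "name": m.group("name"),
            "clsid": m.group("clsid").upper(),
            "path": m.group("path"),
            "file_missing": m.group("missing") is not None,
        })
    return entries


def orphaned_bhos(entries):
    """Keep only BHOs whose DLL HijackThis could not find on disk.

    An orphan is a registry reference with no file behind it: the loader
    cannot run it, so removing the key is a cleanup, not a removal of a
    live component, which is why this is the safe subset to script."""
    return [e for e in entries if e["file_missing"]]


def build_cfscript(orphans):
    """Emit a ComboFix CFScript 'Registry::' block, one [-key] line per orphan.

    The key path mirrors the helper's post: ComboFix accepts '~' as its
    shorthand for the Explorer branch that holds 'Browser Helper Objects'."""
    lines = ["Registry::"]
    for e in orphans:
        lines.append(r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\%s]" % e["clsid"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = orphaned_bhos(parse_bho_entries(SAMPLE_HJT_LOG))
    print("HijackThis entries to fix:")
    for e in found:
        print("  " + e["line"])
    print("\nCFScript.txt to drag onto ComboFix:")
    print(build_cfscript(found))
```

Save the printed block as CFScript.txt and drag it onto ComboFix.exe, which is the procedure the helper refers to; the HijackThis lines printed first are the ones to tick before pressing "Fix checked". Entries whose DLL is present are deliberately left alone here, since a present file needs a file-level decision (quarantine, hash lookup) that a registry script alone does not make.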
Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted by topic author: 12.06.2008 16:35 | Virus removal

Not really, I don't, but today I did a complete scan with antispyware, Ad-Aware and antivirus and it found about 2-3 trojans and all sorts of other junk that couldn't be removed in any way....
Why did you ask???
And otherwise thanks for the help... you are all terribly helpful here... ;-)


Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted by topic author: 12.06.2008 16:46 | Virus removal

But I don't have that file in HijackThis that you wrote me about??? :-O


Offline

User

Registered: 28.07.07
Posts: 3210
Topics: 41 | 41
Location: Brno
Posted: 12.06.2008 16:49 | Virus removal

Yeah, you don't anymore :) I gave it to you twice :D Post the log from C:\combofix.txt too, and then go to Start > Run and enter the command ComboFix /u.


Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted by topic author: 12.06.2008 16:58 | Virus removal

I don't understand this last one, what exactly should I do, please, because I can't find that text file combofix.txt anywhere and I've already gone through everything with that T-Cleaner....?


Offline

Experienced user

Registered: 10.07.07
Last logged in: 02.11.17
Posts: 1060
Topics: 0 | 0
Location: Bratislava
Posted: 15.06.2008 1:56 | Virus removal

Hey,
and
also download:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe

and then:

1. Before running the scan, run the update (there is a button for it).

After it finishes!
2. With the mouse, select only the "information about detected threats" field ;)
and press Ctrl-C .. this content is marked for copying..
and paste it with Ctrl-V directly here into the forum.

Then it can be dealt with..


_________________
The sky is blue, water is wet...
Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted by topic author: 16.06.2008 11:54 | Virus removal

I scanned the system with Avira Antivirus and it couldn't check the file pagefile.sys??? Do you happen to know what file that is???

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted by topic author: 16.06.2008 13:47 | Virus removal

16 VI 2008 13:38:36 - ***** Checking for specific ITW Viruses *****
16 VI 2008 13:38:36 - Checking for Welchia Virus...
16 VI 2008 13:38:36 - Checking for LovGate Virus...
16 VI 2008 13:38:36 - Checking for CodeRed Virus...
16 VI 2008 13:38:36 - Checking for OpaServ Virus...
16 VI 2008 13:38:36 - Checking for Sobig.e Virus...
16 VI 2008 13:38:36 - Checking for Winupie Virus...
16 VI 2008 13:38:36 - Checking for Swen Virus...
16 VI 2008 13:38:36 - Checking for JS.Fortnight Virus...
16 VI 2008 13:38:36 - Checking for Novarg Virus...
16 VI 2008 13:38:36 - Checking for Pagabot Virus...
16 VI 2008 13:38:36 - Checking for Parite.b Virus...
16 VI 2008 13:38:36 - Checking for Parite.a Virus...
16 VI 2008 13:38:36 - Checking for Adware.SeekSeek Virus...

16 VI 2008 13:38:36 - ***** Scanning complete. *****
16 VI 2008 13:38:36 - Total Objects Scanned: 82420
16 VI 2008 13:38:36 - Total Critical Objects: 0
16 VI 2008 13:38:36 - Total Disinfected Objects: 0
16 VI 2008 13:38:36 - Total Objects Renamed: 0
16 VI 2008 13:38:36 - Total Deleted Objects: 0
16 VI 2008 13:38:36 - Total Errors: 10
16 VI 2008 13:38:36 - Time Elapsed: 01:39:42
16 VI 2008 13:38:36 - Virus Database Date: 16 Jun 2008
16 VI 2008 13:38:36 - Virus Database Count: 870949

16 VI 2008 13:38:36 - Scan Completed.


Offline

Experienced user

Registered: 12.06.08
Last logged in: 16.09.10
Posts: 440
Topics: 4 | 4
Posted: 16.06.2008 18:00 | Virus removal

It's fine.


Offline

User

Registered: 24.03.07
Last logged in: 28.07.16
Posts: 4153
Topics: 251 | 251
Location: Michalovce
Posted: 16.06.2008 18:23 | Virus removal

jaguar - the second window..
Nothing critical anyway, just about 10 errors (bad old references in the registry)


_________________
PC1: Intel Core i5 4690k / MSI Z97 Gaming 3 / Kingston HyperX Fury 8GB DDR3 / MSI R9 380 Gaming 2GB / Crucial MX100 256GB SSD / Samsung EcoGreen F3 HD105SI 1TB SATA / CoolerMaster G450M / LG IPS235P

PC2: AMD Phenom II X4 955 / ASUS M5A97 PRO / Kingston 8GB Kit DDR3 / graphics card RIP :( /

NTB: Lenovo IdeaPad Y580 - Intel Core i5 3210 / 15.6" 1080p / 8GB DDR3 / NVIDIA GeForce GTX660M 2GB / SSD 90GB Intel 525 mSATA / HDD 1TB 5400 RPM
Offline

User

Registered: 26.03.08
Last logged in: 22.11.17
Posts: 39
Topics: 11 | 11
Location: Nitra
Posted by topic author: 17.06.2008 12:53 | Virus removal

So I'm glad it got resolved,
many thanks to all of you :)


Offline

User

Registered: 29.01.11
Last logged in: 29.01.11
Posts: 1
Topics: 0 | 0
Posted: 29.01.2011 14:37 | Virus removal

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:38, on 29. 1. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Uniblue\DriverScanner\DriverScanner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKLM\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6272 bytes

// added 1 hour 39 minutes after the previous post

ComboFix 11-01-28.03 - Admin . 01. 2011 12:52:02.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1406.999 [GMT 1]
Spuštěný z: c:\program files\Wasko PROGRAMS\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-29 11:07 . 2011-01-29 11:07 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-29 10:38 . 2011-01-29 10:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Google Updater
2011-01-29 10:11 . 2011-01-29 10:11 388096 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-29 10:11 . 2011-01-29 10:11 -------- d-----w- c:\program files\Trend Micro
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19599.exe
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19501.exe
2011-01-29 09:54 . 2011-01-29 09:52 390144 ----a-w- c:\windows\system32\CF19227.exe
2011-01-28 18:04 . 2011-01-28 18:17 -------- d-----w- c:\program files\AtomixMP3
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-17 14:43 . 2011-01-17 14:43 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Weather forecast v1
2011-01-17 14:42 . 2011-01-17 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-09 23:37 . 2011-01-09 23:37 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-01-09 09:39 . 2011-01-09 09:39 -------- d-----w- c:\program files\Sony Ericsson
2011-01-09 01:27 . 2007-07-06 09:34 4096 ----a-w- c:\windows\ndridev.dll
2011-01-08 21:43 . 2011-01-08 21:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-01-03 10:26 . 2011-01-03 10:57 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PhotoScape
2011-01-03 10:23 . 2011-01-03 10:23 -------- d-----w- c:\program files\PhotoScape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56cht.dll
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56chs.dll
2062-12-31 22:00 . 2010-10-26 12:05 61440 ----a-w- c:\windows\system32\vuins32.dll
2062-12-31 22:00 . 2010-10-26 12:05 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-12-14 23:11 . 2010-12-14 23:12 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-12-14 02:03 . 2010-12-14 02:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-14 02:03 . 2010-12-14 02:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:15 . 2010-10-26 11:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-10-26 12:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-10-26 11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:51 . 2009-09-28 13:35 253952 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

------- Sigcheck -------

[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-29_10.06.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-29 11:41 . 2011-01-29 11:41 16384 c:\windows\Temp\Perflib_Perfdata_2c4.dat
+ 2011-01-29 10:11 . 2011-01-29 10:11 1094656 c:\windows\Installer\6053dc.msi
+ 2009-09-28 13:40 . 2011-01-04 16:20 37403080 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" [2006-07-11 176128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2062-12-31 565248]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-12-14 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [26. 10. 2010 16:18 40560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 12:28 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4. 11. 2010 17:15 810144]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18. 12. 2010 4:50 27632]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [26. 10. 2010 14:03 217600]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28. 9. 2009 14:38 9472]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3. 1. 2011 11:23 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [9. 1. 2011 10:39 90112]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [15. 12. 2010 0:12 94336]
.
Contents of the 'Scheduled Tasks' folder

2011-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-29 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]

2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\9nfxx06u.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 12:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(1876)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-29 12:57:07
ComboFix-quarantined-files.txt 2011-01-29 11:57
ComboFix2.txt 2011-01-29 10:07

Pre-Run: 6 070 218 752
Post-Run: 6 067 212 288

- - End Of File - - 15104926D6AF0F56010B31B1B12C7532

// added 3 minutes after the previous post

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:05:54, on 29. 1. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKLM\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6655 bytes

// added 1 hour 28 minutes after the previous post

ComboFix 11-01-28.03 - Admin . 01. 2011 14:19:48.9.1 - x86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1406.902 [GMT 1]
Running from: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-29 13:15 . 2011-01-29 13:15 388096 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-29 11:07 . 2011-01-29 11:07 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-29 10:38 . 2011-01-29 10:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Google Updater
2011-01-29 10:11 . 2011-01-29 10:11 -------- d-----w- c:\program files\Trend Micro
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19599.exe
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19501.exe
2011-01-29 09:54 . 2011-01-29 09:52 390144 ----a-w- c:\windows\system32\CF19227.exe
2011-01-28 18:04 . 2011-01-28 18:17 -------- d-----w- c:\program files\AtomixMP3
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-17 14:43 . 2011-01-17 14:43 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Weather forecast v1
2011-01-17 14:42 . 2011-01-17 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-09 23:37 . 2011-01-09 23:37 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-01-09 09:39 . 2011-01-09 09:39 -------- d-----w- c:\program files\Sony Ericsson
2011-01-09 01:27 . 2007-07-06 09:34 4096 ----a-w- c:\windows\ndridev.dll
2011-01-08 21:43 . 2011-01-08 21:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-01-03 10:26 . 2011-01-03 10:57 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PhotoScape
2011-01-03 10:23 . 2011-01-03 10:23 -------- d-----w- c:\program files\PhotoScape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56cht.dll
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56chs.dll
2062-12-31 22:00 . 2010-10-26 12:05 61440 ----a-w- c:\windows\system32\vuins32.dll
2062-12-31 22:00 . 2010-10-26 12:05 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-12-14 23:11 . 2010-12-14 23:12 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-12-14 02:03 . 2010-12-14 02:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-14 02:03 . 2010-12-14 02:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:15 . 2010-10-26 11:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-10-26 12:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-10-26 11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:51 . 2009-09-28 13:35 253952 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

------- Sigcheck -------

[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-29_10.06.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-29 12:37 . 2011-01-29 12:37 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
+ 2011-01-29 13:15 . 2011-01-29 13:15 1094656 c:\windows\Installer\221b8b.msi
+ 2009-09-28 13:40 . 2011-01-04 16:20 37403080 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" [2006-07-11 176128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2062-12-31 565248]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-12-14 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [26. 10. 2010 16:18 40560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 12:28 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4. 11. 2010 17:15 810144]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18. 12. 2010 4:50 27632]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [26. 10. 2010 14:03 217600]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28. 9. 2009 14:38 9472]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3. 1. 2011 11:23 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [9. 1. 2011 10:39 90112]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [15. 12. 2010 0:12 94336]
.
Contents of the 'Scheduled Tasks' folder

2011-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-29 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]

2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\9nfxx06u.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-01-29 14:23:51
ComboFix-quarantined-files.txt 2011-01-29 13:23
ComboFix2.txt 2011-01-29 13:04
ComboFix3.txt 2011-01-29 12:52
ComboFix4.txt 2011-01-29 12:33
ComboFix5.txt 2011-01-29 13:19

Před spuštěním: 6 001 119 232
Po spuštění: 5 990 608 896

- - End Of File - - E2FE2CA4CC60451B8BAEDFFDC6999B2F

// added 31 seconds after the previous post

ComboFix 11-01-28.03 - Admin . 01. 2011 13:47:00.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1406.968 [GMT 1]
Spuštěný z: c:\program files\Wasko PROGRAMS\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-29 11:07 . 2011-01-29 11:07 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-29 10:38 . 2011-01-29 10:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Google Updater
2011-01-29 10:11 . 2011-01-29 10:11 388096 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-29 10:11 . 2011-01-29 10:11 -------- d-----w- c:\program files\Trend Micro
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19599.exe
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19501.exe
2011-01-29 09:54 . 2011-01-29 09:52 390144 ----a-w- c:\windows\system32\CF19227.exe
2011-01-28 18:04 . 2011-01-28 18:17 -------- d-----w- c:\program files\AtomixMP3
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-17 14:43 . 2011-01-17 14:43 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Weather forecast v1
2011-01-17 14:42 . 2011-01-17 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-09 23:37 . 2011-01-09 23:37 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-01-09 09:39 . 2011-01-09 09:39 -------- d-----w- c:\program files\Sony Ericsson
2011-01-09 01:27 . 2007-07-06 09:34 4096 ----a-w- c:\windows\ndridev.dll
2011-01-08 21:43 . 2011-01-08 21:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-01-03 10:26 . 2011-01-03 10:57 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PhotoScape
2011-01-03 10:23 . 2011-01-03 10:23 -------- d-----w- c:\program files\PhotoScape

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56cht.dll
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56chs.dll
2062-12-31 22:00 . 2010-10-26 12:05 61440 ----a-w- c:\windows\system32\vuins32.dll
2062-12-31 22:00 . 2010-10-26 12:05 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-12-14 23:11 . 2010-12-14 23:12 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-12-14 02:03 . 2010-12-14 02:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-14 02:03 . 2010-12-14 02:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:15 . 2010-10-26 11:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-10-26 12:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-10-26 11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:51 . 2009-09-28 13:35 253952 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

------- Sigcheck -------

[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-29_10.06.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-29 12:37 . 2011-01-29 12:37 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
+ 2011-01-29 10:11 . 2011-01-29 10:11 1094656 c:\windows\Installer\6053dc.msi
+ 2009-09-28 13:40 . 2011-01-04 16:20 37403080 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" [2006-07-11 176128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2062-12-31 565248]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-12-14 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [26. 10. 2010 16:18 40560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 12:28 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4. 11. 2010 17:15 810144]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18. 12. 2010 4:50 27632]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [26. 10. 2010 14:03 217600]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28. 9. 2009 14:38 9472]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3. 1. 2011 11:23 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [9. 1. 2011 10:39 90112]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [15. 12. 2010 0:12 94336]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-29 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]

2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\9nfxx06u.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 13:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe??F=?????0????????9%[}?????([????????????59%[?F=??F=?<?A?I:%[????<?A?????????????<?A?????4?6~0???}??????????????????????????????? ?7~??6~????????Z?6~@???*?6~????0??????????????????????????????????????????????
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe???????|????h???????n??|????????@???`???x???`??????|????????????????????@???????????????????????????d??????????|????0???A??||??????????|????H???A??|????]??|???????????|????????=??w????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe??F=?????0????????9%[}?????([????????????59%[?F=??F=?<?A?I:%[????<?A?????????????<?A?????4?6~0???}??????????????????????????????? ?7~??6~????????Z?6~@???*?6~????0??????????????????????????????????????????????
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe???????|????h???????n??|????????@???`???x???`??????|????????????????????@???????????????????????????d??????????|????0???A??||??????????|????H???A??|????]??|???????????|????????=??w????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(1884)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-01-29 13:52:19
ComboFix-quarantined-files.txt 2011-01-29 12:52
ComboFix2.txt 2011-01-29 12:33
ComboFix3.txt 2011-01-29 12:25
ComboFix4.txt 2011-01-29 12:18
ComboFix5.txt 2011-01-29 12:46

Před spuštěním: 6 071 357 440
Po spuštění: 6 061 281 280

- - End Of File - - 58AACDC96294BBB12BF409BEDE17ED4C

// added 2 minutes after the previous post

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:36:47, on 29. 1. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Wasko PROGRAMS\hijack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKLM\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6810 bytes


Offline

User
Virus removal

Registered: 26.07.10
Logged in: 18.09.16
Posts: 1198
Topics: 40 | 40
Location: Košice
Posted (Offline): 29.01.2011 17:38 | Virus removal

Phew, buddy, you've got a lot in there. Before you run any checks, definitely go over the PC with the program Advanced SystemCare, repair the registry and all the other errors, then check it with an antivirus, and if that doesn't help, try reinstalling the OS.

// pridané po 37 sekundách od posledného príspevku

patrikos68 writes:
Phew, buddy, you've got a lot in there. Before you run any checks, definitely go over the PC with the program Advanced SystemCare, repair the registry and all the other errors, then check it with an antivirus, and if that doesn't help, try reinstalling the OS.
I apologise for the grammar :)


Offline

User

Registered: 30.01.11
Posts: 25
Topics: 1 | 1
Posted (Offline): 30.01.2011 14:26 | Virus removal

Hi
The logs are OK. Don't put Advanced SystemCare on the computer, it's Chinese junk; its database is stolen from Malwarebytes, and the findings are false, in order to force the user into buying the full version.


© 2005 - 2017 PCforum, edited by JanoF