Virus removal (forum thread, 19 posts)

User (Nitra), 12.06.2008 15:38:

Hi, I'm asking for help with removing a considerable number of viruses from my PC, thank you. ;)


Deleted user, 12.06.2008 15:39:

HijackThis log:
http://www.pcforum.sk/cistime-napadnuty ... 27265.html


Topic author (User, Nitra), 12.06.2008 15:42:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:48, on 12.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB4SWK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqdstcp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gespa.szm.sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {EA2683D6-5700-45ED-AA01-8D66F1637E5D} - C:\WINDOWS\system32\khfec.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5242 bytes


Deleted user, 12.06.2008 15:51:

Also a ComboFix log:
http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Turn off resident protection and run ComboFix according to the guide.


Topic author (User, Nitra), 12.06.2008 16:06:

ComboFix 08-06-10.5 - PETO 2008-06-12 16:02:21.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.676 [GMT 2:00]
Running from: D:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\WINDOWS\123messenger.per
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\browserad.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\ntnut.exe
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\winsb.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-11 10:38 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 15:57 . 2008-06-06 15:58 162 --a------ C:\$temp$.html
2008-06-06 15:55 . 2008-06-06 15:55 <DIR> d-------- C:\Program Files\Golden
2008-05-12 18:44 . 2008-05-12 18:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-12 18:44 . 2008-05-12 18:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-12 18:44 . 2008-05-12 18:44 <DIR> d-------- C:\Program Files\MSBuild
2008-05-12 18:43 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-12 18:37 . 2008-05-12 18:37 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 09:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-11 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-02 21:20 --------- d-----w C:\Program Files\Opera
2008-05-29 13:07 --------- d-----w C:\Documents and Settings\PETO\Application Data\Skype
2008-05-29 09:05 --------- d-----w C:\Documents and Settings\PETO\Application Data\skypePM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 12:24 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-03 09:15 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-25 18:10 --------- d-----w C:\Program Files\RAPID UPLOADER
2008-04-22 12:56 --------- d-----w C:\Program Files\2K Sports
2008-04-22 11:02 160,432 ----a-w C:\WINDOWS\Winter Challenge 2008 Uninstaller.exe
2008-04-22 11:01 --------- d-----w C:\Program Files\Kalypso
2008-04-22 08:32 --------- d-----w C:\Program Files\ICQ6
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-15 13:35 --------- d-----w C:\Program Files\LAN Consult
2008-04-15 13:19 --------- d-----w C:\Documents and Settings\PETO\Application Data\Faktury Plus
2008-04-15 13:08 --------- d-----w C:\Program Files\Faktury Plus
2008-04-14 11:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-12 17:33 --------- d-----w C:\Program Files\EA SPORTS
2008-04-12 17:11 --------- d-----w C:\Documents and Settings\PETO\Application Data\Passolo Demo
2008-04-12 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Passolo Demo
2008-03-28 21:31 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-28 21:31 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 23:41 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-08 03:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA2683D6-5700-45ED-AA01-8D66F1637E5D}]
C:\WINDOWS\system32\khfec.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-12 11:56 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 09:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 09:19 323584 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-03 11:15 1817600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"P17Helper"="P17.dll" [2005-05-03 20:38 64512 C:\WINDOWS\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Samsung Multimedia Keyboard.lnk - C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe [2008-01-08 01:39:37 585728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-12 11:56 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=C:\WINDOWS\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 13:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 13:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-09 18:16 90112 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2003-09-23 12:04 32768 C:\PROGRA~1\Pinnacle Systems\PPE\PPE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-12-04 13:34 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 11:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2008-02-20 17:19 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-05-03 11:15]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 12:47]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 13:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 13:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 13:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 13:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 13:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 13:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 13:56]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 16:03:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-12 16:04:35
ComboFix-quarantined-files.txt 2008-06-12 14:04:32

Pre-Run: 11,039,105,024 bytes free
Post-Run: 11,029,385,216 bytes free

175 --- E O F --- 2008-06-11 08:50:35


Deleted user, 12.06.2008 16:25:

Run ComboFix with this script:

Code:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA2683D6-5700-45ED-AA01-8D66F1637E5D}]


Fix in HijackThis:
O2 - BHO: (no name) - {EA2683D6-5700-45ED-AA01-8D66F1637E5D} - C:\WINDOWS\system32\khfec.dll (file missing)

Otherwise OK. Do you have any problems?
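To show in code what the helper's triage above does, here is an added example that is not part of this thread, of HijackThis or of ComboFix. It parses the O2 (BHO), O4 (Run key) and O23 (service) line formats from the logs posted in this thread, reports the entries HijackThis itself marked "(file missing)" (in this thread that is the nameless BHO pointing at khfec.dll), and emits a removal script in the same Registry:: form the helper posted. The sample lines are copied from the log above; the regular expressions, the function names and the decision to treat a missing-file BHO as safe to remove are my own assumptions.

```python
"""Triage a HijackThis log for orphaned autostart entries.

Added example (not part of this thread, HijackThis or ComboFix).
Parses O2 (BHO), O4 (Run key) and O23 (service) lines, flags entries that
HijackThis already marked "(file missing)", and builds a ComboFix script in
the "Registry::" form posted in the thread for each orphaned BHO.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {EA2683D6-5700-45ED-AA01-8D66F1637E5D} - C:\WINDOWS\system32\khfec.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

MISSING_MARK = " (file missing)"
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
O2_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_RE = re.compile(r"^HK\S*?\\\.\.\\Run: \[(.*?)\] (.*)$")
O23_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")


@dataclass
class Entry:
    section: str          # "O2", "O4" or "O23"
    name: str             # BHO class name, Run value name or service name
    path: str             # file the entry points at
    clsid: str = ""       # only BHOs carry a CLSID
    file_missing: bool = False


def parse_hijackthis(text):
    """Turn the three supported line kinds into Entry objects; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        missing = rest.endswith(MISSING_MARK)
        if missing:
            rest = rest[: -len(MISSING_MARK)]
        if section == "O2" and (mm := O2_RE.match(rest)):
            entries.append(Entry(section, mm.group(1), mm.group(3), mm.group(2), missing))
        elif section == "O4" and (mm := O4_RE.match(rest)):
            entries.append(Entry(section, mm.group(1), mm.group(2), "", missing))
        elif section == "O23" and (mm := O23_RE.match(rest)):
            entries.append(Entry(section, mm.group(1), mm.group(3), "", missing))
    return entries


def find_orphaned(entries):
    """Entries whose target file HijackThis reported as missing: the loader
    still fires at every logon or IE start, so the entry is dead weight at
    best and the leftover of a removed component at worst."""
    return [e for e in entries if e.file_missing]


def build_cfscript(entries):
    """Emit a ComboFix script deleting the registry key of each orphaned BHO.
    Assumption: the [-KEY] deletion form and the '~' path shorthand are
    taken verbatim from the helper's post in this thread."""
    lines = ["Registry::"]
    for e in find_orphaned(entries):
        if e.section == "O2" and e.clsid:
            lines.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{e.clsid}]")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for e in find_orphaned(parsed):
        print(f"{e.section} {e.name!r} -> {e.path} (file missing)")
    print(build_cfscript(parsed))
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG with the file's contents; the one line it flags on the sample is exactly the entry the helper told the poster to fix, and the generated script matches the one in the post above.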


Topic author (User, Nitra), 12.06.2008 16:35:

Not really, I don't, but today I did a complete scan with antispyware, Ad-Aware and antivirus and it found about 2-3 trojans and all sorts of other junk that couldn't be removed in any way....
Why did you ask???
And thanks for the help... you're all terribly helpful here... ;-)


Topic author (User, Nitra), 12.06.2008 16:46:

But I don't have the file you wrote about in HijackThis??? :-O


Deleted user, 12.06.2008 16:49:

Yeah, you don't have it anymore :) I gave it to you twice :D Post the log from C:\combofix.txt as well, and then go to Start - Run and enter the command ComboFix /u


Topic author (User, Nitra), 12.06.2008 16:58:

I don't understand this last one. What exactly am I supposed to do, please? I can't find that text file combofix.txt anywhere, and I've already gone through it all with that T-Cleaner....?


Experienced user (Bratislava), 15.06.2008 1:56:

Hey,
and at the same time download:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe

and then:

1. Before running the scan, do an update (there is a button for it).

After it finishes!
2. With the mouse, select only the "informace o nalezenych hrozbach" (information about found threats) field ;)
and press Ctrl-C .. this content is marked for subsequent copying..
and with Ctrl-V paste it directly here into the forum.

Then it can be dealt with..

Topic author (User, Nitra), 16.06.2008 11:54:

I scanned the system with Avira Antivirus and it couldn't check the file pagefile.sys??? Do you happen to know what file that is???

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


Topic author (User, Nitra), 16.06.2008 13:47:

16 VI 2008 13:38:36 - ***** Checking for specific ITW Viruses *****
16 VI 2008 13:38:36 - Checking for Welchia Virus...
16 VI 2008 13:38:36 - Checking for LovGate Virus...
16 VI 2008 13:38:36 - Checking for CodeRed Virus...
16 VI 2008 13:38:36 - Checking for OpaServ Virus...
16 VI 2008 13:38:36 - Checking for Sobig.e Virus...
16 VI 2008 13:38:36 - Checking for Winupie Virus...
16 VI 2008 13:38:36 - Checking for Swen Virus...
16 VI 2008 13:38:36 - Checking for JS.Fortnight Virus...
16 VI 2008 13:38:36 - Checking for Novarg Virus...
16 VI 2008 13:38:36 - Checking for Pagabot Virus...
16 VI 2008 13:38:36 - Checking for Parite.b Virus...
16 VI 2008 13:38:36 - Checking for Parite.a Virus...
16 VI 2008 13:38:36 - Checking for Adware.SeekSeek Virus...

16 VI 2008 13:38:36 - ***** Scanning complete. *****
16 VI 2008 13:38:36 - Total Objects Scanned: 82420
16 VI 2008 13:38:36 - Total Critical Objects: 0
16 VI 2008 13:38:36 - Total Disinfected Objects: 0
16 VI 2008 13:38:36 - Total Objects Renamed: 0
16 VI 2008 13:38:36 - Total Deleted Objects: 0
16 VI 2008 13:38:36 - Total Errors: 10
16 VI 2008 13:38:36 - Time Elapsed: 01:39:42
16 VI 2008 13:38:36 - Virus Database Date: 16 Jun 2008
16 VI 2008 13:38:36 - Virus Database Count: 870949

16 VI 2008 13:38:36 - Scan Completed.


Experienced user, 16.06.2008 18:00:

It's fine.


User (Michalovce), 16.06.2008 18:23:

jaguar - the second window..
Anyway, nothing critical, just about 10 errors (bad old references in the registry)
Topic author (User, Nitra), 17.06.2008 12:53:

So I'm glad it got resolved,
many thanks to all of you :)


User, 29.01.2011 14:37:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:38, on 29. 1. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Uniblue\DriverScanner\DriverScanner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKLM\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6272 bytes

// added 1 hour 39 minutes after the previous post

ComboFix 11-01-28.03 - Admin . 01. 2011 12:52:02.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1406.999 [GMT 1]
Spuštěný z: c:\program files\Wasko PROGRAMS\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-29 11:07 . 2011-01-29 11:07 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-29 10:38 . 2011-01-29 10:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Google Updater
2011-01-29 10:11 . 2011-01-29 10:11 388096 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-29 10:11 . 2011-01-29 10:11 -------- d-----w- c:\program files\Trend Micro
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19599.exe
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19501.exe
2011-01-29 09:54 . 2011-01-29 09:52 390144 ----a-w- c:\windows\system32\CF19227.exe
2011-01-28 18:04 . 2011-01-28 18:17 -------- d-----w- c:\program files\AtomixMP3
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-17 14:43 . 2011-01-17 14:43 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Weather forecast v1
2011-01-17 14:42 . 2011-01-17 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-09 23:37 . 2011-01-09 23:37 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-01-09 09:39 . 2011-01-09 09:39 -------- d-----w- c:\program files\Sony Ericsson
2011-01-09 01:27 . 2007-07-06 09:34 4096 ----a-w- c:\windows\ndridev.dll
2011-01-08 21:43 . 2011-01-08 21:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-01-03 10:26 . 2011-01-03 10:57 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PhotoScape
2011-01-03 10:23 . 2011-01-03 10:23 -------- d-----w- c:\program files\PhotoScape

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56cht.dll
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56chs.dll
2062-12-31 22:00 . 2010-10-26 12:05 61440 ----a-w- c:\windows\system32\vuins32.dll
2062-12-31 22:00 . 2010-10-26 12:05 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-12-14 23:11 . 2010-12-14 23:12 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-12-14 02:03 . 2010-12-14 02:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-14 02:03 . 2010-12-14 02:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:15 . 2010-10-26 11:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-10-26 12:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-10-26 11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:51 . 2009-09-28 13:35 253952 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

------- Sigcheck -------

[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-29_10.06.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-29 11:41 . 2011-01-29 11:41 16384 c:\windows\Temp\Perflib_Perfdata_2c4.dat
+ 2011-01-29 10:11 . 2011-01-29 10:11 1094656 c:\windows\Installer\6053dc.msi
+ 2009-09-28 13:40 . 2011-01-04 16:20 37403080 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" [2006-07-11 176128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2062-12-31 565248]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-12-14 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [26. 10. 2010 16:18 40560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 12:28 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4. 11. 2010 17:15 810144]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18. 12. 2010 4:50 27632]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [26. 10. 2010 14:03 217600]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28. 9. 2009 14:38 9472]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3. 1. 2011 11:23 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [9. 1. 2011 10:39 90112]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [15. 12. 2010 0:12 94336]
.
Contents of the 'Scheduled Tasks' folder

2011-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-29 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]

2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\9nfxx06u.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 12:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe??F=??????????????9%[}?????([????????????59%[?F=??F=?<?A?I:%[????<?A?????????????<?A?????4?6~????}??????????????????????????????? ?7~??6~????????Z?6~@???*?6~???????????????????????????????????????????????????
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe???????|????h???????n??|????????@???`???x???`??????|????????????????????@???????????????????????????d??????????|????0???A??||??????????|????H???A??|????]??|???????????|????????=??w????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe??F=??????????????9%[}?????([????????????59%[?F=??F=?<?A?I:%[????<?A?????????????<?A?????4?6~????}??????????????????????????????? ?7~??6~????????Z?6~@???*?6~???????????????????????????????????????????????????
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe???????|????h???????n??|????????@???`???x???`??????|????????????????????@???????????????????????????d??????????|????0???A??||??????????|????H???A??|????]??|???????????|????????=??w????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(1876)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-29 12:57:07
ComboFix-quarantined-files.txt 2011-01-29 11:57
ComboFix2.txt 2011-01-29 10:07

Pre-Run: 6 070 218 752
Post-Run: 6 067 212 288

- - End Of File - - 15104926D6AF0F56010B31B1B12C7532

// added 3 minutes after the previous post

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:05:54, on 29. 1. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKLM\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6655 bytes
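A small triage helper, added here as an editorial example (it is not the poster's code and not part of ComboFix or HijackThis): it parses ComboFix file-listing lines and HijackThis O4 autorun lines and flags the things a reviewer checks first in such logs. The sample lines are copied from the logs above; the scan time is taken from the catchme "Rootkit scan" line. Every flag is a hint for manual review (the file should be checked with Sigcheck or a hash lookup before anything is removed), not a malware verdict; the attribute-column layout ("d-sh--w-") is inferred from the log format.

```python
"""Triage helper for ComboFix and HijackThis log lines (added example).

Not the forum poster's code and not part of ComboFix or HijackThis. Sample
lines are copied from the logs above; flags are review hints, not verdicts.
"""
import ntpath
import re
from datetime import datetime

# ComboFix file listing: "<created> . <modified> <size|--------> <attrs> <path>"
CF_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# HijackThis O4 entry: "O4 - <hive>\..\<key>: [<name>] <command>"
HJT_O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')  # optionally quoted, starts with a drive letter

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
SYSTEM_EXTS = {".exe", ".dll", ".sys", ".cpl"}

# Finding labels (returned as the second element of each finding tuple)
FUTURE = "timestamp later than the scan time"
SYSDIR = "executable sitting directly in a Windows system directory"
HIDDEN = "hidden+system attributes under a user profile"
RELPATH = "bare file name, resolved through the PATH search order"
DUP = "same Run entry present in more than one hive"


def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_combofix_files(text):
    """Return one dict per file/directory line; lines of other shapes are ignored."""
    out = []
    for line in text.splitlines():
        m = CF_FILE_RE.match(line.strip())
        if m:
            r = m.groupdict()
            r["created"], r["modified"] = _t(r["created"]), _t(r["modified"])
            r["size"] = int(r["size"]) if r["size"].isdigit() else None  # directories show "--------"
            out.append(r)
    return out


def triage_combofix(text, scan_time):
    """List (path, label) hints for the 'Files Created' and Find3M sections."""
    findings = []
    for r in parse_combofix_files(text):
        path, low, attrs = r["path"], r["path"].lower(), r["attrs"]
        is_dir = attrs[0] == "d"
        # A created/modified time after the scan itself cannot be right: either the
        # clock was wrong when the file was written or the timestamp was set on purpose.
        if r["created"] > scan_time or r["modified"] > scan_time:
            findings.append((path, FUTURE))
        # Executables placed straight into c:\windows or system32 (not a vendor or
        # drivers subfolder) are worth a look; verify the signature/hash before deciding.
        if (not is_dir and ntpath.dirname(low) in SYSTEM_DIRS
                and ntpath.splitext(low)[1] in SYSTEM_EXTS):
            findings.append((path, SYSDIR))
        # Attribute columns as they appear in the log (assumed layout): d?sh?a?w/r?;
        # "sh" in columns 2-3 = system+hidden. Often legitimate (IE8 creates
        # IECompatCache), which is why this is only a hint.
        if is_dir and attrs[2:4] == "sh" and "\\documents and settings\\" in low:
            findings.append((path, HIDDEN))
    return findings


def triage_hjt(text):
    """List (name, label) hints for HijackThis O4 (autorun) entries."""
    findings, hives = [], {}
    for line in text.splitlines():
        m = HJT_O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m["name"], m["cmd"]
        # Without a full path Windows resolves the name through its search order,
        # so a same-named file found earlier in that order would run instead.
        if not ABS_PATH_RE.match(cmd):
            findings.append((name, RELPATH))
        hives.setdefault(name, []).append(m["hive"])
    for name, seen in hives.items():
        if len(seen) > 1:  # e.g. HKLM and HKCU both start it; clean both or neither
            findings.append((name, DUP))
    return findings


# Sample input, copied from the logs above. Scan time from "Rootkit scan 2011-01-29 12:55".
SCAN_TIME = datetime(2011, 1, 29, 12, 55)
SAMPLE_COMBOFIX = r"""
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19599.exe
2011-01-29 10:11 . 2011-01-29 10:11 -------- d-----w- c:\program files\Trend Micro
2011-01-09 23:37 . 2011-01-09 23:37 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-01-09 01:27 . 2007-07-06 09:34 4096 ----a-w- c:\windows\ndridev.dll
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56cht.dll
2062-12-31 22:00 . 2010-10-26 12:05 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
"""
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
"""

if __name__ == "__main__":
    for item, label in triage_combofix(SAMPLE_COMBOFIX, SCAN_TIME) + triage_hjt(SAMPLE_HJT):
        print(f"{label:60} {item}")
```

Run against the sample it flags the 2062-dated sm56/fetnd5bv files, the executables sitting directly in c:\windows and system32, the hidden+system IECompatCache folder, the VTTimer/S3Trayp entries that have no path, and Z810SysStart being started from both HKLM and HKCU. Feed it a whole log and it skips everything that is not a file-listing or O4 line.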

// added 1 hour 28 minutes after the previous post

ComboFix 11-01-28.03 - Admin . 01. 2011 14:19:48.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1406.902 [GMT 1]
Running from: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-29 13:15 . 2011-01-29 13:15 388096 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-29 11:07 . 2011-01-29 11:07 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-29 10:38 . 2011-01-29 10:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Google Updater
2011-01-29 10:11 . 2011-01-29 10:11 -------- d-----w- c:\program files\Trend Micro
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19599.exe
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19501.exe
2011-01-29 09:54 . 2011-01-29 09:52 390144 ----a-w- c:\windows\system32\CF19227.exe
2011-01-28 18:04 . 2011-01-28 18:17 -------- d-----w- c:\program files\AtomixMP3
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-17 14:43 . 2011-01-17 14:43 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Weather forecast v1
2011-01-17 14:42 . 2011-01-17 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-09 23:37 . 2011-01-09 23:37 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-01-09 09:39 . 2011-01-09 09:39 -------- d-----w- c:\program files\Sony Ericsson
2011-01-09 01:27 . 2007-07-06 09:34 4096 ----a-w- c:\windows\ndridev.dll
2011-01-08 21:43 . 2011-01-08 21:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-01-03 10:26 . 2011-01-03 10:57 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PhotoScape
2011-01-03 10:23 . 2011-01-03 10:23 -------- d-----w- c:\program files\PhotoScape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56cht.dll
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56chs.dll
2062-12-31 22:00 . 2010-10-26 12:05 61440 ----a-w- c:\windows\system32\vuins32.dll
2062-12-31 22:00 . 2010-10-26 12:05 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-12-14 23:11 . 2010-12-14 23:12 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-12-14 02:03 . 2010-12-14 02:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-14 02:03 . 2010-12-14 02:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:15 . 2010-10-26 11:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-10-26 12:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-10-26 11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:51 . 2009-09-28 13:35 253952 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

------- Sigcheck -------

[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-29_10.06.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-29 12:37 . 2011-01-29 12:37 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
+ 2011-01-29 13:15 . 2011-01-29 13:15 1094656 c:\windows\Installer\221b8b.msi
+ 2009-09-28 13:40 . 2011-01-04 16:20 37403080 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" [2006-07-11 176128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2062-12-31 565248]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-12-14 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [26. 10. 2010 16:18 40560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 12:28 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4. 11. 2010 17:15 810144]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18. 12. 2010 4:50 27632]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [26. 10. 2010 14:03 217600]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28. 9. 2009 14:38 9472]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3. 1. 2011 11:23 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [9. 1. 2011 10:39 90112]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [15. 12. 2010 0:12 94336]
.
Contents of the 'Scheduled Tasks' folder

2011-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-29 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]

2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\9nfxx06u.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe??F=?????0????????9%[}?????([????????????59%[?F=??F=?<?A?I:%[????<?A?????????????<?A?????4?6~0???}??????????????????????????????? ?7~??6~????????Z?6~@???*?6~????0??????????????????????????????????????????????
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe???????|????h???????n??|????????@???`???x???`??????|????????????????????@???????????????????????????d??????????|????0???A??||??????????|????H???A??|????]??|???????????|????????=??w????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe??F=?????0????????9%[}?????([????????????59%[?F=??F=?<?A?I:%[????<?A?????????????<?A?????4?6~0???}??????????????????????????????? ?7~??6~????????Z?6~@???*?6~????0??????????????????????????????????????????????
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe???????|????h???????n??|????????@???`???x???`??????|????????????????????@???????????????????????????d??????????|????0???A??||??????????|????H???A??|????]??|???????????|????????=??w????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-29 14:23:51
ComboFix-quarantined-files.txt 2011-01-29 13:23
ComboFix2.txt 2011-01-29 13:04
ComboFix3.txt 2011-01-29 12:52
ComboFix4.txt 2011-01-29 12:33
ComboFix5.txt 2011-01-29 13:19

Pre-Run: 6 001 119 232
Post-Run: 5 990 608 896

- - End Of File - - E2FE2CA4CC60451B8BAEDFFDC6999B2F

// added 31 seconds after the previous post

ComboFix 11-01-28.03 - Admin . 01. 2011 13:47:00.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1406.968 [GMT 1]
Running from: c:\program files\Wasko PROGRAMS\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-29 11:07 . 2011-01-29 11:07 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SUPERAntiSpyware.com
2011-01-29 10:40 . 2011-01-29 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-29 10:38 . 2011-01-29 10:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Google Updater
2011-01-29 10:11 . 2011-01-29 10:11 388096 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-29 10:11 . 2011-01-29 10:11 -------- d-----w- c:\program files\Trend Micro
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19599.exe
2011-01-29 09:54 . 2011-01-29 09:54 390144 ----a-w- c:\windows\system32\CF19501.exe
2011-01-29 09:54 . 2011-01-29 09:52 390144 ----a-w- c:\windows\system32\CF19227.exe
2011-01-28 18:04 . 2011-01-28 18:17 -------- d-----w- c:\program files\AtomixMP3
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-28 17:39 . 2011-01-28 17:39 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-17 14:43 . 2011-01-17 14:43 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Weather forecast v1
2011-01-17 14:42 . 2011-01-17 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-09 23:37 . 2011-01-09 23:37 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-01-09 09:39 . 2011-01-09 09:39 -------- d-----w- c:\program files\Sony Ericsson
2011-01-09 01:27 . 2007-07-06 09:34 4096 ----a-w- c:\windows\ndridev.dll
2011-01-08 21:43 . 2011-01-08 21:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-01-03 10:26 . 2011-01-03 10:57 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PhotoScape
2011-01-03 10:23 . 2011-01-03 10:23 -------- d-----w- c:\program files\PhotoScape

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56cht.dll
2062-12-31 22:00 . 2062-12-31 22:00 53248 ----a-w- c:\windows\sm56chs.dll
2062-12-31 22:00 . 2010-10-26 12:05 61440 ----a-w- c:\windows\system32\vuins32.dll
2062-12-31 22:00 . 2010-10-26 12:05 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-12-14 23:11 . 2010-12-14 23:12 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-12-14 02:03 . 2010-12-14 02:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-14 02:03 . 2010-12-14 02:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:15 . 2010-10-26 11:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-10-26 12:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-10-26 11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:51 . 2009-09-28 13:35 253952 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

------- Sigcheck -------

[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-29_10.06.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-29 12:37 . 2011-01-29 12:37 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
+ 2011-01-29 10:11 . 2011-01-29 10:11 1094656 c:\windows\Installer\6053dc.msi
+ 2009-09-28 13:40 . 2011-01-04 16:20 37403080 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" [2006-07-11 176128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2062-12-31 565248]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-09-01 307200]
"Z810PNP"="c:\program files\Connection Manager\SamsungPnPServiceManager.exe" [2008-09-09 122880]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-12-14 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [26. 10. 2010 16:18 40560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 12:28 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4. 11. 2010 17:15 810144]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18. 12. 2010 4:50 27632]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [26. 10. 2010 14:03 217600]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28. 9. 2009 14:38 9472]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3. 1. 2011 11:23 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [9. 1. 2011 10:39 90112]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [15. 12. 2010 0:12 94336]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-29 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 10]

2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]

2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1606980848-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\9nfxx06u.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 13:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe
Z810PNP = c:\program files\Connection Manager\SamsungPnPServiceManager.exe

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(1884)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-01-29 13:52:19
ComboFix-quarantined-files.txt 2011-01-29 12:52
ComboFix2.txt 2011-01-29 12:33
ComboFix3.txt 2011-01-29 12:25
ComboFix4.txt 2011-01-29 12:18
ComboFix5.txt 2011-01-29 12:46

Před spuštěním: 6 071 357 440
Po spuštění: 6 061 281 280

- - End Of File - - 58AACDC96294BBB12BF409BEDE17ED4C

// added 2 minutes after the previous post

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:36:47, on 29. 1. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Wasko PROGRAMS\hijack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKLM\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6810 bytes


Offline

User
User
Virus removal

Registered: 26.07.10
Last login: 18.09.16
Posts: 1198
Topics: 40
Location: Košice
Posted: 29.01.2011 17:38

Phew mate, you've got loads of stuff in there. Before you run any scans at all, definitely first go over the PC with the Advanced SystemCare program, fix the registry and all the other errors, then check it with an antivirus, and if that doesn't help, try reinstalling the OS.

// added 37 seconds after the previous post

patrikos68 wrote:
Phew mate, you've got loads of stuff in there. Before you run any scans at all, definitely first go over the PC with the Advanced SystemCare program, fix the registry and all the other errors, then check it with an antivirus, and if that doesn't help, try reinstalling the OS.
Sorry for the grammar :)


Offline

User
User

Registered: 30.01.11
Posts: 25
Topics: 1
Posted: 30.01.2011 14:26

Hi
The logs are OK. Don't put Advanced SystemCare on the computer, it's Chinese junk; its database is stolen from Malwarebytes and the detections are fake, so as to force the user into buying the full version.

