Please check the log

Posted: 28.08.2008 15:43

I hope I'm posting this correctly; my aunt advised me to do this. Could you check this ComboFix log for me:

ComboFix 08-08-27.06 - Owner2 2008-08-28 15:04:49.1 - NTFSx86
Running from: C:\Documents and Settings\Owner2\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 138140 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Secure Solutions
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827085441421.log
C:\Documents and Settings\Owner2\Application Data\Adobe\crc.dat
C:\Documents and Settings\Owner2\Application Data\Adobe\Manager.exe
C:\Documents and Settings\Owner2\Application Data\macromedia\Flash Player\#SharedObjects\BSUC4RAA\bin.clearspring.com
C:\Documents and Settings\Owner2\Application Data\macromedia\Flash Player\#SharedObjects\BSUC4RAA\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Owner2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Owner2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Owner2\Desktop\Error Cleaner.url
C:\Documents and Settings\Owner2\Desktop\Privacy Protector.url
C:\Documents and Settings\Owner2\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Owner2\Favorites\Error Cleaner.url
C:\Documents and Settings\Owner2\Favorites\Privacy Protector.url
C:\Documents and Settings\Owner2\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\ebpx.exe
C:\WINDOWS\ewge.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\efcASkif.dll
C:\WINDOWS\system32\fikSAcfe.ini
C:\WINDOWS\system32\fikSAcfe.ini2
C:\WINDOWS\system32\geBtUnLc.dll
C:\WINDOWS\system32\jfytdheu.ini
C:\WINDOWS\system32\jkkKCtrr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nysfclkr.ini
C:\WINDOWS\system32\wvUnOFxw.dll
C:\WINDOWS\system32\yayawwTJ.dll

----- BITS: Possible infected sites -----

http://hqsextube08.com
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 16:34 . 2008-08-28 16:34 <DIR> d-------- C:\Nová složka
2008-08-28 14:25 . 2008-08-28 11:17 380,928 --a------ C:\WINDOWS\rodqgpvlkel.dll
2008-08-28 14:25 . 2008-08-28 14:25 159,744 --a------ C:\WINDOWS\system32\mx63496.dll
2008-08-28 14:25 . 2008-08-28 14:25 159,744 --a------ C:\WINDOWS\system32\mmx63496.dll
2008-08-27 18:33 . 2008-08-27 18:33 103,552 --a------ C:\WINDOWS\system32\uehdtyfj.dll
2008-08-27 08:54 . 2008-08-27 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-27 08:52 . 2008-08-27 05:35 380,928 --a------ C:\WINDOWS\rodqgpvlkmb.dll
2008-08-27 08:52 . 2008-08-28 11:17 233,472 --a------ C:\WINDOWS\pdoskegl.dll
2008-08-27 08:52 . 2008-08-28 11:17 188,416 --a------ C:\WINDOWS\rqbmvpso.dll
2008-08-27 08:52 . 2008-08-28 11:17 155,648 --a------ C:\WINDOWS\qalkfxor.dll
2008-08-27 08:52 . 2008-08-27 08:52 126,976 --a------ C:\WINDOWS\system32\wx77892.dll
2008-08-27 08:52 . 2008-08-28 11:17 86,016 --a------ C:\WINDOWS\rvoelbxt.exe
2008-08-16 10:56 . 2008-08-16 10:59 <DIR> d-------- C:\Documents and Settings\Owner2\Application Data\FreeCall
2008-08-13 11:54 . 2008-08-13 11:54 209,635 --a------ C:\WINDOWS\IPUI_DivXG400.exe
2008-08-13 11:54 . 2002-05-17 16:17 184,320 --a------ C:\WINDOWS\system32\DivXG400.ax
2008-08-13 11:54 . 2008-08-13 11:54 21,810 --a------ C:\WINDOWS\system32\divxg400.htm
2008-08-09 22:53 . 2008-08-09 22:53 <DIR> d-------- C:\Documents and Settings\Owner2\Application Data\Amaranth Games
2008-08-09 22:36 . 2008-08-09 22:36 <DIR> d-------- C:\Documents and Settings\Owner2\Application Data\UNOUndercover
2008-08-09 22:35 . 2008-08-09 22:35 <DIR> d-------- C:\Program Files\Yummy Drink Factory
2008-08-09 21:56 . 2008-08-09 22:24 <DIR> d-------- C:\Documents and Settings\Owner2\Application Data\Boomzap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 19:24 --------- d-----w C:\Program Files\EA GAMES
2008-08-27 06:51 --------- d-----w C:\Documents and Settings\Owner2\Application Data\uTorrent
2008-08-25 18:34 --------- d-----w C:\Documents and Settings\Owner2\Application Data\Skype
2008-08-25 17:40 --------- d-----w C:\Documents and Settings\Owner2\Application Data\skypePM
2008-08-22 19:37 --------- d-----w C:\Program Files\Java
2008-08-21 07:40 --------- d-----w C:\Program Files\Conduit
2008-08-15 08:43 --------- d-----w C:\Program Files\LimeWire
2008-08-15 08:42 --------- d-----w C:\Program Files\GedonSoft
2008-08-15 08:42 --------- d-----w C:\Program Files\Delicious Deluxe
2008-08-15 08:41 --------- d-----w C:\Program Files\Shopping Blocks
2008-08-15 08:39 --------- d-----w C:\Program Files\Vogue Tales
2008-08-15 08:37 --------- d-----w C:\Documents and Settings\Owner2\Application Data\MxBoost
2008-08-03 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 15:12 --------- d-----w C:\Program Files\Web Picture Creator
2008-07-23 09:43 --------- d-----w C:\Program Files\Atlantis Quest
2008-07-21 10:12 --------- d-----w C:\Program Files\Sims2Pack Clean Installer
2008-07-20 17:49 --------- d-----w C:\Program Files\Cat Daddy Games
2008-07-20 17:40 --------- d-----w C:\Program Files\Zen Fashion
2008-07-20 17:27 --------- d-----w C:\Program Files\Fitness Frenzy
2008-07-20 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fitn17
2008-07-18 19:24 --------- d-----w C:\Program Files\SlySoft
2008-07-18 18:48 --------- d-----w C:\Documents and Settings\Owner2\Application Data\fltk.org
2008-07-14 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-14 18:18 --------- d-----w C:\Program Files\Common Files\Vbox
2008-07-14 18:16 --------- d-----w C:\Program Files\Inkscape
2008-07-14 18:09 --------- d-----w C:\Documents and Settings\Owner2\Application Data\gtk-2.0
2008-07-14 18:05 --------- d-----w C:\Documents and Settings\Owner2\Application Data\Inkscape
2008-07-10 08:20 --------- d-----w C:\Program Files\Windows Live
2008-07-10 08:16 --------- d-----w C:\Program Files\Canon
2008-07-08 20:15 --------- d-----w C:\Program Files\BitNami Joomla Stack
2008-07-06 10:17 --------- d-----w C:\Documents and Settings\Owner2\Application Data\BearShare
2007-12-05 05:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0059A13-6FFE-354C-9B97-E404139229DA}]
2008-08-28 14:25 159744 --a------ C:\WINDOWS\system32\mmx63496.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF36791A-1847-4059-8BB4-89C28E514C6D}]
2008-08-27 05:35 380928 --a------ C:\WINDOWS\rodqgpvlkmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E46A59BF-81A2-48B5-A88A-E262DDC9349E}]
2008-08-28 11:17 380928 --a------ C:\WINDOWS\rodqgpvlkel.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-01 22:32 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"= {005FA0AC-2B79-4936-9C39-A0B4B77739C8} - C:\WINDOWS\rqbmvpso.dll [2008-08-28 11:17 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9c728295]
--a------ 2008-08-27 18:33 103552 C:\WINDOWS\system32\uehdtyfj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
--a------ 2007-04-12 08:00 182272 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-02-12 15:50 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
--a------ 2006-10-10 15:11 827392 C:\WINDOWS\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-05-28 10:14 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2005-10-28 02:01 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
--a------ 2006-10-10 16:49 270336 C:\WINDOWS\tsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-21 17:36 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2006-12-15 15:04 176128 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\BORGChat\\BORGChat.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-02-28 14:00]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-03 14:55]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-06-29 10:59]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-06-29 10:59]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F4A96AB1-07E2-E578-7C1A-4B6C149787F8}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AAWTray - C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MSConfigStartUp-AlcoholAutomount - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-FreeCall - C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
MSConfigStartUp-InCD - C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-Run - C:\Documents and Settings\Owner2\Application Data\Adobe\Manager.exe
MSConfigStartUp-s9201 - C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
MSConfigStartUp-SMail - C:\Program Files\Seznam\Postak\Postak.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner2\Application Data\Mozilla\Firefox\Profiles\dzmyamhh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.zoznam.sk
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NpFv41629.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 15:28:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-08-28 15:36:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 13:36:15

Pre-Run: 39,281,897,472 bytes free
Post-Run: 16 adresárov, 39,380,725,760 voľných bajtov

250 --- E O F --- 2007-12-07 20:11:14


Posted: 28.08.2008 16:33

Turn off the resident shield of your antivirus and antispyware, generate the log once more, and then post it here.


Posted by topic author: 28.08.2008 17:39

Well, I turned it off. Hopefully it recorded it, because it ran somehow extra fast, and then the taskbar and everything disappeared and I had to restart the computer. It didn't do that before. Anyway, here it is; if it's no good I'll try once more.


ComboFix 08-08-27.06 - Owner2 2008-08-28 17:19:35.2 - NTFSx86
Running from: C:\Documents and Settings\Owner2\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 16:34 . 2008-08-28 16:34 <DIR> d-------- C:\Nová složka
2008-08-28 14:25 . 2008-08-28 11:17 380,928 --a------ C:\WINDOWS\rodqgpvlkel.dll
2008-08-28 14:25 . 2008-08-28 14:25 159,744 --a------ C:\WINDOWS\system32\mx63496.dll
2008-08-28 14:25 . 2008-08-28 14:25 159,744 --a------ C:\WINDOWS\system32\mmx63496.dll
2008-08-27 18:33 . 2008-08-27 18:33 103,552 --a------ C:\WINDOWS\system32\uehdtyfj.dll
2008-08-27 08:54 . 2008-08-27 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-27 08:52 . 2008-08-27 05:35 380,928 --a------ C:\WINDOWS\rodqgpvlkmb.dll
2008-08-27 08:52 . 2008-08-28 11:17 233,472 --a------ C:\WINDOWS\pdoskegl.dll
2008-08-27 08:52 . 2008-08-28 11:17 188,416 --a------ C:\WINDOWS\rqbmvpso.dll
2008-08-27 08:52 . 2008-08-28 11:17 155,648 --a------ C:\WINDOWS\qalkfxor.dll
2008-08-27 08:52 . 2008-08-27 08:52 126,976 --a------ C:\WINDOWS\system32\wx77892.dll
2008-08-27 08:52 . 2008-08-28 11:17 86,016 --a------ C:\WINDOWS\rvoelbxt.exe
2008-08-16 10:56 . 2008-08-16 10:59 <DIR> d-------- C:\Documents and Settings\Owner2\Application Data\FreeCall
2008-08-13 11:54 . 2008-08-13 11:54 209,635 --a------ C:\WINDOWS\IPUI_DivXG400.exe
2008-08-13 11:54 . 2002-05-17 16:17 184,320 --a------ C:\WINDOWS\system32\DivXG400.ax
2008-08-13 11:54 . 2008-08-13 11:54 21,810 --a------ C:\WINDOWS\system32\divxg400.htm
2008-08-09 22:53 . 2008-08-09 22:53 <DIR> d-------- C:\Documents and Settings\Owner2\Application Data\Amaranth Games
2008-08-09 22:36 . 2008-08-09 22:36 <DIR> d-------- C:\Documents and Settings\Owner2\Application Data\UNOUndercover
2008-08-09 22:35 . 2008-08-09 22:35 <DIR> d-------- C:\Program Files\Yummy Drink Factory
2008-08-09 21:56 . 2008-08-09 22:24 <DIR> d-------- C:\Documents and Settings\Owner2\Application Data\Boomzap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 15:17 --------- d-----w C:\Documents and Settings\Owner2\Application Data\uTorrent
2008-08-28 14:39 --------- d-----w C:\Program Files\ESET
2008-08-28 13:53 --------- d-----w C:\Program Files\ICQ6
2008-08-27 19:24 --------- d-----w C:\Program Files\EA GAMES
2008-08-25 18:34 --------- d-----w C:\Documents and Settings\Owner2\Application Data\Skype
2008-08-25 17:40 --------- d-----w C:\Documents and Settings\Owner2\Application Data\skypePM
2008-08-22 19:37 --------- d-----w C:\Program Files\Java
2008-08-21 07:40 --------- d-----w C:\Program Files\Conduit
2008-08-15 08:43 --------- d-----w C:\Program Files\LimeWire
2008-08-15 08:42 --------- d-----w C:\Program Files\GedonSoft
2008-08-15 08:42 --------- d-----w C:\Program Files\Delicious Deluxe
2008-08-15 08:41 --------- d-----w C:\Program Files\Shopping Blocks
2008-08-15 08:39 --------- d-----w C:\Program Files\Vogue Tales
2008-08-15 08:37 --------- d-----w C:\Documents and Settings\Owner2\Application Data\MxBoost
2008-08-03 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 15:12 --------- d-----w C:\Program Files\Web Picture Creator
2008-07-23 09:43 --------- d-----w C:\Program Files\Atlantis Quest
2008-07-21 10:12 --------- d-----w C:\Program Files\Sims2Pack Clean Installer
2008-07-20 17:49 --------- d-----w C:\Program Files\Cat Daddy Games
2008-07-20 17:40 --------- d-----w C:\Program Files\Zen Fashion
2008-07-20 17:27 --------- d-----w C:\Program Files\Fitness Frenzy
2008-07-20 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fitn17
2008-07-18 19:24 --------- d-----w C:\Program Files\SlySoft
2008-07-18 18:48 --------- d-----w C:\Documents and Settings\Owner2\Application Data\fltk.org
2008-07-14 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-14 18:18 --------- d-----w C:\Program Files\Common Files\Vbox
2008-07-14 18:16 --------- d-----w C:\Program Files\Inkscape
2008-07-14 18:09 --------- d-----w C:\Documents and Settings\Owner2\Application Data\gtk-2.0
2008-07-14 18:05 --------- d-----w C:\Documents and Settings\Owner2\Application Data\Inkscape
2008-07-10 08:20 --------- d-----w C:\Program Files\Windows Live
2008-07-10 08:16 --------- d-----w C:\Program Files\Canon
2008-07-08 20:15 --------- d-----w C:\Program Files\BitNami Joomla Stack
2008-07-06 10:17 --------- d-----w C:\Documents and Settings\Owner2\Application Data\BearShare
2008-06-23 17:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-05 05:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0059A13-6FFE-354C-9B97-E404139229DA}]
2008-08-28 14:25 159744 --a------ C:\WINDOWS\system32\mmx63496.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF36791A-1847-4059-8BB4-89C28E514C6D}]
2008-08-27 05:35 380928 --a------ C:\WINDOWS\rodqgpvlkmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E46A59BF-81A2-48B5-A88A-E262DDC9349E}]
2008-08-28 11:17 380928 --a------ C:\WINDOWS\rodqgpvlkel.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-01 22:32 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"= {005FA0AC-2B79-4936-9C39-A0B4B77739C8} - C:\WINDOWS\rqbmvpso.dll [2008-08-28 11:17 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9c728295]
--a------ 2008-08-27 18:33 103552 C:\WINDOWS\system32\uehdtyfj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
--a------ 2007-04-12 08:00 182272 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-02-12 15:50 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
--a------ 2006-10-10 15:11 827392 C:\WINDOWS\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-05-28 10:14 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2005-10-28 02:01 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
--a------ 2006-10-10 16:49 270336 C:\WINDOWS\tsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-21 17:36 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2006-12-15 15:04 176128 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\BORGChat\\BORGChat.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-02-28 14:00]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-03 14:55]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-06-29 10:59]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-06-29 10:59]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F4A96AB1-07E2-E578-7C1A-4B6C149787F8}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner2\Application Data\Mozilla\Firefox\Profiles\dzmyamhh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.zoznam.sk
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NpFv41629.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 17:22:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-08-28 17:24:44
ComboFix-quarantined-files.txt 2008-08-28 15:24:10
ComboFix2.txt 2008-08-28 13:36:36

Pre-Run: 39,784,189,952 bytes free
Post-Run: 16 adresárov, 39,775,514,624 voľných bajtov

198 --- E O F --- 2007-12-07 20:11:14


Posted by (deleted user): 28.08.2008 18:06

Open Notepad and paste this into it:

Code:
File::
C:\WINDOWS\rodqgpvlkel.dll
C:\WINDOWS\system32\mx63496.dll
C:\WINDOWS\system32\mmx63496.dll
C:\WINDOWS\system32\uehdtyfj.dll
C:\WINDOWS\rodqgpvlkmb.dll
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\rqbmvpso.dll
C:\WINDOWS\qalkfxor.dll
C:\WINDOWS\system32\wx77892.dll
C:\WINDOWS\rvoelbxt.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0059A13-6FFE-354C-9B97-E404139229DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF36791A-1847-4059-8BB4-89C28E514C6D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E46A59BF-81A2-48B5-A88A-E262DDC9349E}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

Save it under the name CFSCRIPT.TXT and then drag that file onto ComboFix.... post the result of the scan here.
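To show how the findings in the logs above map onto a CFScript like the one in this post, here is an added Python example (not part of the thread and not ComboFix's own tooling) that parses an excerpt laid out like the log's "Reg Loading Points" section, flags loader entries pointing at modules recently dropped straight into the Windows directory as well as the disabled Security Center notifications and firewall, and renders the File:: / Registry:: sections. The sample excerpt, the 3-day "recent" window and the directory heuristic are constructed for the example.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample: an excerpt laid out like the "Reg Loading Points"
# section of the ComboFix log posted above (entries taken from that log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0059A13-6FFE-354C-9B97-E404139229DA}]
2008-08-28 14:25 159744 --a------ C:\WINDOWS\system32\mmx63496.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E46A59BF-81A2-48B5-A88A-E262DDC9349E}]
2008-08-28 11:17 380928 --a------ C:\WINDOWS\rodqgpvlkel.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-01 22:32 949376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"= {005FA0AC-2B79-4936-9C39-A0B4B77739C8} - C:\WINDOWS\rqbmvpso.dll [2008-08-28 11:17 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SCAN_DATE = datetime(2008, 8, 28)   # date from the log header
RECENT = timedelta(days=3)          # constructed "dropped just before the scan" window
WINDIR = r"c:\windows"

# "<date> <time> <size> <attrs> <path>"  (Browser Helper Objects blocks)
BHO_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ \S+ (.+)$")
# '"name"= {GUID} - <path> [<date> <time> <size>]'  (ShellServiceObjectDelayLoad)
SSODL_LINE = re.compile(r'^"[^"]+"= \{[0-9A-Fa-f-]+\} - (.+) \[(\d{4}-\d{2}-\d{2}) ')


def split_blocks(text: str) -> List[List[str]]:
    """Split the section into [key-line, value-line, ...] groups."""
    blocks, cur = [], []
    for line in text.splitlines():
        if line.startswith("["):
            if cur:
                blocks.append(cur)
            cur = [line.strip()]
        elif line.strip() and cur:
            cur.append(line.strip())
    if cur:
        blocks.append(cur)
    return blocks


def is_recent_windir_module(path: str, created: str) -> bool:
    # Heuristic from the thread: a loader pointing at a DLL/EXE dropped
    # directly into C:\WINDOWS or C:\WINDOWS\system32 in the days before
    # the scan, rather than at a vendor directory under Program Files.
    folder = path.rsplit("\\", 1)[0].lower()
    if folder not in (WINDIR, WINDIR + r"\system32"):
        return False
    age = SCAN_DATE - datetime.strptime(created, "%Y-%m-%d")
    return timedelta(0) <= age <= RECENT


def triage(text: str) -> Dict[str, list]:
    """Return what a helper would act on: files to remove, BHO keys to
    delete, and security settings that were switched off."""
    out = {"files": [], "bho_keys": [], "settings": []}
    for key, *rows in split_blocks(text):
        if "Browser Helper Objects" in key:
            for row in rows:
                m = BHO_LINE.match(row)
                if m and is_recent_windir_module(m.group(2), m.group(1)):
                    out["files"].append(m.group(2))
                    out["bho_keys"].append(key)
        elif key.endswith("ShellServiceObjectDelayLoad]"):
            for row in rows:
                m = SSODL_LINE.match(row)
                if m and is_recent_windir_module(m.group(1), m.group(2)):
                    out["files"].append(m.group(1))
        elif key.lower().endswith(r"\security center]"):
            for row in rows:
                if row.endswith('DisableNotify"=dword:00000001'):
                    out["settings"].append(row.split("=")[0].strip('"'))
        elif key.lower().endswith(r"\standardprofile]"):
            for row in rows:
                if row.startswith('"EnableFirewall"= 0'):
                    out["settings"].append("EnableFirewall")
    return out


def render_cfscript(findings: Dict[str, list]) -> str:
    """Emit File:: / Registry:: sections in the form used in the thread.
    The firewall finding is reported only; it is not scripted here."""
    lines = ["File::"] + findings["files"] + ["", "Registry::"]
    lines += [k.replace("[", "[-", 1) for k in findings["bho_keys"]]
    notify = [s for s in findings["settings"] if s.endswith("DisableNotify")]
    if notify:
        lines.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]")
        lines += [f'"{s}"=dword:00000000' for s in notify]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(render_cfscript(found))
    if "EnableFirewall" in found["settings"]:
        print("note: Windows Firewall is disabled in the standard profile")
```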


Posted by topic author: 28.08.2008 19:49

Hmm, I don't know whether it's fine or not. I did it as instructed and dragged it onto ComboFix. Then it started working. When I came back to the computer after a while, only one text document named log.txt was open. Nothing else could be done, so I restarted the computer; when I turned it on I couldn't find log.txt anywhere. So I'm copying what's in C:/ComboFix.txt

Code:
ComboFix 08-08-27.06 - Owner2 2008-08-28 19:22:24.3 - NTFSx86
Running from: C:\Documents and Settings\Owner2\Desktop\ComboFix.exe
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm

.
(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-28  )))))))))))))))))))))))))))))))
.

2008-08-28 16:34 . 2008-08-28 16:34   <DIR>   d--------   C:\Nová složka
2008-08-28 14:25 . 2008-08-28 11:17   380,928   --a------   C:\WINDOWS\rodqgpvlkel.dll
2008-08-28 14:25 . 2008-08-28 14:25   159,744   --a------   C:\WINDOWS\system32\mx63496.dll
2008-08-28 14:25 . 2008-08-28 14:25   159,744   --a------   C:\WINDOWS\system32\mmx63496.dll
2008-08-27 18:33 . 2008-08-27 18:33   103,552   --a------   C:\WINDOWS\system32\uehdtyfj.dll
2008-08-27 08:54 . 2008-08-27 08:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\services
2008-08-27 08:52 . 2008-08-27 05:35   380,928   --a------   C:\WINDOWS\rodqgpvlkmb.dll
2008-08-27 08:52 . 2008-08-28 11:17   233,472   --a------   C:\WINDOWS\pdoskegl.dll
2008-08-27 08:52 . 2008-08-28 11:17   188,416   --a------   C:\WINDOWS\rqbmvpso.dll
2008-08-27 08:52 . 2008-08-28 11:17   155,648   --a------   C:\WINDOWS\qalkfxor.dll
2008-08-27 08:52 . 2008-08-27 08:52   126,976   --a------   C:\WINDOWS\system32\wx77892.dll
2008-08-27 08:52 . 2008-08-28 11:17   86,016   --a------   C:\WINDOWS\rvoelbxt.exe
2008-08-16 10:56 . 2008-08-16 10:59   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\FreeCall
2008-08-13 11:54 . 2008-08-13 11:54   209,635   --a------   C:\WINDOWS\IPUI_DivXG400.exe
2008-08-13 11:54 . 2002-05-17 16:17   184,320   --a------   C:\WINDOWS\system32\DivXG400.ax
2008-08-13 11:54 . 2008-08-13 11:54   21,810   --a------   C:\WINDOWS\system32\divxg400.htm
2008-08-09 22:53 . 2008-08-09 22:53   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\Amaranth Games
2008-08-09 22:36 . 2008-08-09 22:36   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\UNOUndercover
2008-08-09 22:35 . 2008-08-09 22:35   <DIR>   d--------   C:\Program Files\Yummy Drink Factory
2008-08-09 21:56 . 2008-08-09 22:24   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\Boomzap

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 17:22   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\uTorrent
2008-08-28 14:39   ---------   d-----w   C:\Program Files\ESET
2008-08-28 13:53   ---------   d-----w   C:\Program Files\ICQ6
2008-08-27 19:24   ---------   d-----w   C:\Program Files\EA GAMES
2008-08-25 18:34   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\Skype
2008-08-25 17:40   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\skypePM
2008-08-22 19:37   ---------   d-----w   C:\Program Files\Java
2008-08-21 07:40   ---------   d-----w   C:\Program Files\Conduit
2008-08-15 08:43   ---------   d-----w   C:\Program Files\LimeWire
2008-08-15 08:42   ---------   d-----w   C:\Program Files\GedonSoft
2008-08-15 08:42   ---------   d-----w   C:\Program Files\Delicious Deluxe
2008-08-15 08:41   ---------   d-----w   C:\Program Files\Shopping Blocks
2008-08-15 08:39   ---------   d-----w   C:\Program Files\Vogue Tales
2008-08-15 08:37   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\MxBoost
2008-08-03 20:54   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-07-30 15:12   ---------   d-----w   C:\Program Files\Web Picture Creator
2008-07-23 09:43   ---------   d-----w   C:\Program Files\Atlantis Quest
2008-07-21 10:12   ---------   d-----w   C:\Program Files\Sims2Pack Clean Installer
2008-07-20 17:49   ---------   d-----w   C:\Program Files\Cat Daddy Games
2008-07-20 17:40   ---------   d-----w   C:\Program Files\Zen Fashion
2008-07-20 17:27   ---------   d-----w   C:\Program Files\Fitness Frenzy
2008-07-20 17:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Fitn17
2008-07-18 19:24   ---------   d-----w   C:\Program Files\SlySoft
2008-07-18 18:48   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\fltk.org
2008-07-14 18:35   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-14 18:18   ---------   d-----w   C:\Program Files\Common Files\Vbox
2008-07-14 18:16   ---------   d-----w   C:\Program Files\Inkscape
2008-07-14 18:09   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\gtk-2.0
2008-07-14 18:05   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\Inkscape
2008-07-10 08:20   ---------   d-----w   C:\Program Files\Windows Live
2008-07-10 08:16   ---------   d-----w   C:\Program Files\Canon
2008-07-08 20:15   ---------   d-----w   C:\Program Files\BitNami Joomla Stack
2008-07-06 10:17   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\BearShare
2008-06-23 17:34   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2007-12-05 05:13   32   ----a-w   C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0059A13-6FFE-354C-9B97-E404139229DA}]
2008-08-28 14:25   159744   --a------   C:\WINDOWS\system32\mmx63496.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF36791A-1847-4059-8BB4-89C28E514C6D}]
2008-08-27 05:35   380928   --a------   C:\WINDOWS\rodqgpvlkmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E46A59BF-81A2-48B5-A88A-E262DDC9349E}]
2008-08-28 11:17   380928   --a------   C:\WINDOWS\rodqgpvlkel.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-01 22:32 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"= {005FA0AC-2B79-4936-9C39-A0B4B77739C8} - C:\WINDOWS\rqbmvpso.dll [2008-08-28 11:17 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9c728295]
--a------ 2008-08-27 18:33 103552 C:\WINDOWS\system32\uehdtyfj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
--a------ 2007-04-12 08:00 182272 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-02-12 15:50 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
--a------ 2006-10-10 15:11 827392 C:\WINDOWS\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-05-28 10:14 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2005-10-28 02:01 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
--a------ 2006-10-10 16:49 270336 C:\WINDOWS\tsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-21 17:36 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2006-12-15 15:04 176128 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\BORGChat\\BORGChat.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-02-28 14:00]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-03 14:55]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-06-29 10:59]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-06-29 10:59]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F4A96AB1-07E2-E578-7C1A-4B6C149787F8}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner2\Application Data\Mozilla\Firefox\Profiles\dzmyamhh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.zoznam.sk
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NpFv41629.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 19:26:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-08-28 19:27:52
ComboFix-quarantined-files.txt  2008-08-28 17:27:22
ComboFix2.txt  2008-08-28 15:24:45
ComboFix3.txt  2008-08-28 13:36:36

Pre-Run: 39,766,355,968 bytes free
Post-Run: 16 adresárov, 39,755,001,856 voľných bajtov

198   --- E O F ---   2007-12-07 20:11:14


Probably the same as before; I didn't look at it since I don't understand it.


Post by: Deleted user, 28.08.2008 19:55

I see, then try running ComboFix again without the script and paste the contents here, since you didn't find the previous file.


Post by: topic author, 28.08.2008 20:02

OK, I'll try, but not until tomorrow. And will it work 100% after that? And should I turn off the resident shield...?


Post by: Deleted user, 28.08.2008 20:03

Yep, turn off the shield. If you don't have time for ComboFix, try quickly posting a log from HijackThis :) if you know how that's done


Post by: topic author, 28.08.2008 20:16

I don't, but I'll read the guide. I'm hopefully not that much of a lamer :D


Post by: topic author, 29.08.2008 8:41

So here's the log from HijackThis

Code:
Logfile of HijackThis v1.99.1
Scan saved at 08:38, on 29. 8. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner2\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: D - {B0059A13-6FFE-354C-9B97-E404139229DA} - C:\WINDOWS\system32\mmx63496.dll (file missing)
O2 - BHO: QXK Olive - {CF36791A-1847-4059-8BB4-89C28E514C6D} - C:\WINDOWS\rodqgpvlkmb.dll
O2 - BHO: QXK Olive - {E46A59BF-81A2-48B5-A88A-E262DDC9349E} - C:\WINDOWS\rodqgpvlkel.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: rqbmvpso - {005FA0AC-2B79-4936-9C39-A0B4B77739C8} - C:\WINDOWS\rqbmvpso.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



I also checked it on the hijacthis.cz site and it found only one unnecessary entry and a few unknown ones


Post by: Deleted user, 29.08.2008 9:46

use Avenger following the guide: http://www.pcforum.sk/cistime-napadnuty ... 27265.html
with this script:
Code:
Files to delete:
C:\WINDOWS\rodqgpvlkmb.dll
C:\WINDOWS\rodqgpvlkel.dll
C:\WINDOWS\rqbmvpso.dll

post the log here

and in HijackThis fix
O2 - BHO: D - {B0059A13-6FFE-354C-9B97-E404139229DA} - C:\WINDOWS\system32\mmx63496.dll (file missing)
O2 - BHO: QXK Olive - {CF36791A-1847-4059-8BB4-89C28E514C6D} - C:\WINDOWS\rodqgpvlkmb.dll
O2 - BHO: QXK Olive - {E46A59BF-81A2-48B5-A88A-E262DDC9349E} - C:\WINDOWS\rodqgpvlkel.dll
O21 - SSODL: rqbmvpso - {005FA0AC-2B79-4936-9C39-A0B4B77739C8} - C:\WINDOWS\rqbmvpso.dll


Post by: topic author, 29.08.2008 11:32

so, the log:

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\rodqgpvlkmb.dll" not found!
Deletion of file "C:\WINDOWS\rodqgpvlkmb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\rodqgpvlkel.dll" not found!
Deletion of file "C:\WINDOWS\rodqgpvlkel.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\rqbmvpso.dll" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


But I fixed it in HijackThis first and only then used Avenger; does that matter?


Post by: Deleted user, 29.08.2008 11:41

try ComboFix + HijackThis once more


Post by: topic author, 29.08.2008 12:54

so, the log from HijackThis:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 12:32, on 29. 8. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner2\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: rqbmvpso - {154E1E0C-D545-4783-BB2E-827A9FF305CF} - C:\WINDOWS\rqbmvpso.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



from ComboFix:

Code:
ComboFix 08-08-27.06 - Owner2 2008-08-29 12:34:37.4 - NTFSx86
Running from: C:\Documents and Settings\Owner2\Desktop\ComboFix.exe
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm

.
(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-29  )))))))))))))))))))))))))))))))
.

2008-08-28 16:34 . 2008-08-28 16:34   <DIR>   d--------   C:\Nová složka
2008-08-27 18:33 . 2008-08-27 18:33   103,552   --a------   C:\WINDOWS\system32\uehdtyfj.dll
2008-08-27 08:54 . 2008-08-27 08:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\services
2008-08-27 08:52 . 2008-08-28 11:17   233,472   --a------   C:\WINDOWS\pdoskegl.dll
2008-08-27 08:52 . 2008-08-28 11:17   155,648   --a------   C:\WINDOWS\qalkfxor.dll
2008-08-27 08:52 . 2008-08-27 08:52   126,976   --a------   C:\WINDOWS\system32\wx77892.dll
2008-08-27 08:52 . 2008-08-28 11:17   86,016   --a------   C:\WINDOWS\rvoelbxt.exe
2008-08-16 10:56 . 2008-08-16 10:59   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\FreeCall
2008-08-13 11:54 . 2008-08-13 11:54   209,635   --a------   C:\WINDOWS\IPUI_DivXG400.exe
2008-08-13 11:54 . 2002-05-17 16:17   184,320   --a------   C:\WINDOWS\system32\DivXG400.ax
2008-08-13 11:54 . 2008-08-13 11:54   21,810   --a------   C:\WINDOWS\system32\divxg400.htm
2008-08-09 22:53 . 2008-08-09 22:53   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\Amaranth Games
2008-08-09 22:36 . 2008-08-09 22:36   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\UNOUndercover
2008-08-09 22:35 . 2008-08-09 22:35   <DIR>   d--------   C:\Program Files\Yummy Drink Factory
2008-08-09 21:56 . 2008-08-09 22:24   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\Boomzap

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 19:17   ---------   d-----w   C:\Program Files\EA GAMES
2008-08-28 19:14   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\uTorrent
2008-08-28 19:13   ---------   d-----w   C:\Program Files\ICQ6
2008-08-28 14:39   ---------   d-----w   C:\Program Files\ESET
2008-08-25 18:34   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\Skype
2008-08-25 17:40   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\skypePM
2008-08-22 19:37   ---------   d-----w   C:\Program Files\Java
2008-08-21 07:40   ---------   d-----w   C:\Program Files\Conduit
2008-08-15 08:43   ---------   d-----w   C:\Program Files\LimeWire
2008-08-15 08:42   ---------   d-----w   C:\Program Files\GedonSoft
2008-08-15 08:42   ---------   d-----w   C:\Program Files\Delicious Deluxe
2008-08-15 08:41   ---------   d-----w   C:\Program Files\Shopping Blocks
2008-08-15 08:39   ---------   d-----w   C:\Program Files\Vogue Tales
2008-08-15 08:37   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\MxBoost
2008-08-03 20:54   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-07-30 15:12   ---------   d-----w   C:\Program Files\Web Picture Creator
2008-07-23 09:43   ---------   d-----w   C:\Program Files\Atlantis Quest
2008-07-21 10:12   ---------   d-----w   C:\Program Files\Sims2Pack Clean Installer
2008-07-20 17:49   ---------   d-----w   C:\Program Files\Cat Daddy Games
2008-07-20 17:40   ---------   d-----w   C:\Program Files\Zen Fashion
2008-07-20 17:27   ---------   d-----w   C:\Program Files\Fitness Frenzy
2008-07-20 17:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Fitn17
2008-07-18 19:24   ---------   d-----w   C:\Program Files\SlySoft
2008-07-18 18:48   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\fltk.org
2008-07-14 18:35   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-14 18:18   ---------   d-----w   C:\Program Files\Common Files\Vbox
2008-07-14 18:16   ---------   d-----w   C:\Program Files\Inkscape
2008-07-14 18:09   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\gtk-2.0
2008-07-14 18:05   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\Inkscape
2008-07-10 08:20   ---------   d-----w   C:\Program Files\Windows Live
2008-07-10 08:16   ---------   d-----w   C:\Program Files\Canon
2008-07-08 20:15   ---------   d-----w   C:\Program Files\BitNami Joomla Stack
2008-07-06 10:17   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\BearShare
2008-06-23 17:34   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2007-12-05 05:13   32   ----a-w   C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-01 22:32 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9c728295]
--a------ 2008-08-27 18:33 103552 C:\WINDOWS\system32\uehdtyfj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
--a------ 2007-04-12 08:00 182272 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-02-12 15:50 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
--a------ 2006-10-10 15:11 827392 C:\WINDOWS\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-05-28 10:14 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2005-10-28 02:01 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
--a------ 2006-10-10 16:49 270336 C:\WINDOWS\tsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-21 17:36 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2006-12-15 15:04 176128 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\BORGChat\\BORGChat.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-02-28 14:00]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-03 14:55]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-06-29 10:59]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-06-29 10:59]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F4A96AB1-07E2-E578-7C1A-4B6C149787F8}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

SSODL-rqbmvpso-{154E1E0C-D545-4783-BB2E-827A9FF305CF} - C:\WINDOWS\rqbmvpso.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner2\Application Data\Mozilla\Firefox\Profiles\dzmyamhh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.zoznam.sk
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NpFv41629.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 12:37:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-08-29 12:40:52
ComboFix-quarantined-files.txt  2008-08-29 10:39:58
ComboFix2.txt  2008-08-28 17:27:53
ComboFix3.txt  2008-08-28 15:24:45
ComboFix4.txt  2008-08-28 13:36:36

Pre-Run: 38,883,663,872 bytes free
Post-Run: 17 adresárov, 38,876,876,800 voľných bajtov

187   --- E O F ---   2007-12-07 20:11:14


Deleted user
Posted: 29.08.2008 13:26

Run ComboFix again with this script:
Code:
File::
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\qalkfxor.dll
C:\WINDOWS\system32\wx77892.dll
C:\WINDOWS\rvoelbxt.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9c728295]

Save it as cfscript.txt and then drag it onto the ComboFix icon.


User
Registered: 29.05.07
Last logged in: 27.09.10
Posts: 46
Topics: 15
Location: Topoľčany
Posted by the topic author: 29.08.2008 13:43

So, with the script:

Code:
ComboFix 08-08-27.06 - Owner2 2008-08-29 13:34:23.5 - NTFSx86
Systém Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1033.18.206 [GMT 2:00]
Running from: C:\Documents and Settings\Owner2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner2\Desktop\cfscript.txt
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\qalkfxor.dll
C:\WINDOWS\rvoelbxt.exe
C:\WINDOWS\system32\wx77892.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\qalkfxor.dll
C:\WINDOWS\rvoelbxt.exe
C:\WINDOWS\system32\wx77892.dll

.
(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-29  )))))))))))))))))))))))))))))))
.

2008-08-28 16:34 . 2008-08-28 16:34   <DIR>   d--------   C:\Nová složka
2008-08-27 18:33 . 2008-08-27 18:33   103,552   --a------   C:\WINDOWS\system32\uehdtyfj.dll
2008-08-27 08:54 . 2008-08-27 08:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\services
2008-08-16 10:56 . 2008-08-16 10:59   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\FreeCall
2008-08-13 11:54 . 2008-08-13 11:54   209,635   --a------   C:\WINDOWS\IPUI_DivXG400.exe
2008-08-13 11:54 . 2002-05-17 16:17   184,320   --a------   C:\WINDOWS\system32\DivXG400.ax
2008-08-13 11:54 . 2008-08-13 11:54   21,810   --a------   C:\WINDOWS\system32\divxg400.htm
2008-08-09 22:53 . 2008-08-09 22:53   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\Amaranth Games
2008-08-09 22:36 . 2008-08-09 22:36   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\UNOUndercover
2008-08-09 22:35 . 2008-08-09 22:35   <DIR>   d--------   C:\Program Files\Yummy Drink Factory
2008-08-09 21:56 . 2008-08-09 22:24   <DIR>   d--------   C:\Documents and Settings\Owner2\Application Data\Boomzap

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 19:17   ---------   d-----w   C:\Program Files\EA GAMES
2008-08-28 19:14   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\uTorrent
2008-08-28 19:13   ---------   d-----w   C:\Program Files\ICQ6
2008-08-28 14:39   ---------   d-----w   C:\Program Files\ESET
2008-08-25 18:34   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\Skype
2008-08-25 17:40   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\skypePM
2008-08-22 19:37   ---------   d-----w   C:\Program Files\Java
2008-08-21 07:40   ---------   d-----w   C:\Program Files\Conduit
2008-08-15 08:43   ---------   d-----w   C:\Program Files\LimeWire
2008-08-15 08:42   ---------   d-----w   C:\Program Files\GedonSoft
2008-08-15 08:42   ---------   d-----w   C:\Program Files\Delicious Deluxe
2008-08-15 08:41   ---------   d-----w   C:\Program Files\Shopping Blocks
2008-08-15 08:39   ---------   d-----w   C:\Program Files\Vogue Tales
2008-08-15 08:37   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\MxBoost
2008-08-03 20:54   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-07-30 15:12   ---------   d-----w   C:\Program Files\Web Picture Creator
2008-07-23 09:43   ---------   d-----w   C:\Program Files\Atlantis Quest
2008-07-21 10:12   ---------   d-----w   C:\Program Files\Sims2Pack Clean Installer
2008-07-20 17:49   ---------   d-----w   C:\Program Files\Cat Daddy Games
2008-07-20 17:40   ---------   d-----w   C:\Program Files\Zen Fashion
2008-07-20 17:27   ---------   d-----w   C:\Program Files\Fitness Frenzy
2008-07-20 17:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Fitn17
2008-07-18 19:24   ---------   d-----w   C:\Program Files\SlySoft
2008-07-18 18:48   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\fltk.org
2008-07-14 18:35   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-14 18:18   ---------   d-----w   C:\Program Files\Common Files\Vbox
2008-07-14 18:16   ---------   d-----w   C:\Program Files\Inkscape
2008-07-14 18:09   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\gtk-2.0
2008-07-14 18:05   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\Inkscape
2008-07-10 08:20   ---------   d-----w   C:\Program Files\Windows Live
2008-07-10 08:16   ---------   d-----w   C:\Program Files\Canon
2008-07-08 20:15   ---------   d-----w   C:\Program Files\BitNami Joomla Stack
2008-07-06 10:17   ---------   d-----w   C:\Documents and Settings\Owner2\Application Data\BearShare
2008-06-23 17:34   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2007-12-05 05:13   32   ----a-w   C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-01 22:32 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
--a------ 2007-04-12 08:00 182272 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-02-12 15:50 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
--a------ 2006-10-10 15:11 827392 C:\WINDOWS\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-05-28 10:14 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2005-10-28 02:01 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
--a------ 2006-10-10 16:49 270336 C:\WINDOWS\tsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-21 17:36 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2006-12-15 15:04 176128 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\BORGChat\\BORGChat.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-02-28 14:00]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-03 14:55]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-06-29 10:59]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-06-29 10:59]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F4A96AB1-07E2-E578-7C1A-4B6C149787F8}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 13:37:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-08-29 13:39:19
ComboFix-quarantined-files.txt  2008-08-29 11:38:58
ComboFix2.txt  2008-08-29 10:40:53
ComboFix3.txt  2008-08-28 17:27:53
ComboFix4.txt  2008-08-28 15:24:45
ComboFix5.txt  2008-08-29 11:32:31

Pre-Run: 38,850,719,744 bytes free
Post-Run: 17 adresárov, 38,838,820,864 voľných bajtov

177   --- E O F ---   2007-12-07 20:11:14

