[ Posts: 4 ]

Posted: 29.11.2009 9:17 | PROBLEM WITH A TROJAN

Hi. I have the following problem. I already asked on another website, so I'll copy that discussion here. I'm doing it only to get more opinions, and maybe someone here will make better sense of it.

So, the discussion:


Post subject: AVIRA AND A COUNTDOWN

pjotr2009
It threw up a warning about a trojan. Among the options I had "deny access"; all I had to do was click OK. But down next to the OK button some kind of countdown was running. Do you know what that could have been? I don't have a manual for Avira.

I have Avira AntiVir Personal.
_____________________________________________________
Rudy

Post a log from RSIT: viewtopic.php?f=13&t=82743 .
___________________________________________________
pjotr2009

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-28 11:49:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (19%) free of 60 GB
Total RAM: 511 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:53, on 28.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Administrator\msword98.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: algqeh32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6516 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar BHO - C:\Program Files\Winamp Toolbar\winamptb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-05-14 3784704]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-05-14 81920]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"Device Detector"=DevDetect.exe -autorun []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-03 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"msword98"=C:\Documents and Settings\Administrator\msword98.exe []

C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
algqeh32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-11-28 11:49:04 ----D---- C:\Program Files\trend micro
2009-11-28 11:49:03 ----D---- C:\rsit
2009-11-28 09:57:10 ----A---- C:\WINDOWS\system32\photo_id.exe
2009-11-11 14:41:23 ----SHD---- C:\Config.Msi
2009-11-01 16:14:58 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-11-01 16:14:16 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2009-11-28 11:49:09 ----D---- C:\WINDOWS\Prefetch
2009-11-28 11:49:04 ----RD---- C:\Program Files
2009-11-28 11:45:40 ----D---- C:\Program Files\Mozilla Firefox
2009-11-28 11:45:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-11-28 11:44:12 ----D---- C:\WINDOWS\temp
2009-11-28 11:44:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-28 11:42:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-28 11:41:53 ----D---- C:\WINDOWS\system32
2009-11-28 11:35:58 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-11-28 10:28:50 ----D---- C:\Filmy
2009-11-28 10:28:41 ----D---- C:\Documents and Settings\Administrator\Application Data\foobar2000
2009-11-28 10:01:38 ----A---- C:\WINDOWS\WINCMD.INI
2009-11-15 07:20:37 ----D---- C:\Program Files\SpeedFan
2009-11-11 21:40:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-11-11 21:38:58 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-11-11 16:31:05 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-11-11 15:49:54 ----D---- C:\WINDOWS
2009-11-11 15:18:38 ----D---- C:\Program Files\uTorrent
2009-11-11 14:42:26 ----SHD---- C:\WINDOWS\Installer
2009-11-11 14:41:39 ----D---- C:\WINDOWS\system32\drivers
2009-11-01 16:14:17 ----RD---- C:\Program Files\Skype
2009-11-01 16:14:16 ----D---- C:\Program Files\Common Files
2009-11-01 16:14:09 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-05-14 2205760]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 soqwx32;soqwx32; \??\C:\WINDOWS\system32\drivers\soqwx32.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-07 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-05-14 114755]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Služba Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------


______________________________________________________
Rudy

I can see a few nasties in there. Post a log from ComboFix.

_____________________________________________
pjotr2009

ComboFix 09-11-27.05 - Administrator 28.11.2009 12:06.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.217 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\wiaserva.log
c:\documents and settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Administrator\Start Menu\Programs\Startup\algqeh32.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\2566376583.dat
c:\windows\system32\config\systemprofile\photo_id.exe
c:\windows\system32\photo_id.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.

2009-11-28 10:49 . 2009-11-28 10:49 -------- d-----w- c:\program files\trend micro
2009-11-28 10:49 . 2009-11-28 10:49 -------- d-----w- C:\rsit
2009-11-01 15:14 . 2009-11-01 15:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-01 15:14 . 2009-11-28 10:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-11-01 15:14 . 2009-11-01 15:14 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 11:16 . 2007-01-27 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-11-28 10:41 . 2009-11-28 10:40 12 ----a-w- c:\documents and settings\NetworkService\Application Data\cbqozg.dat
2009-11-28 10:35 . 2007-08-28 12:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-11-28 09:28 . 2009-06-20 17:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\foobar2000
2009-11-28 08:57 . 2009-11-28 08:57 12 ----a-w- c:\documents and settings\Administrator\Application Data\cbqozg.dat
2009-11-28 08:56 . 2009-11-28 08:56 4 ----a-w- c:\documents and settings\Administrator\Application Data\avdrn.dat
2009-11-15 06:20 . 2009-08-27 19:22 -------- d-----w- c:\program files\SpeedFan
2009-11-11 14:18 . 2007-08-28 12:38 -------- d-----w- c:\program files\uTorrent
2009-11-01 15:14 . 2007-01-27 13:29 -------- d-----r- c:\program files\Skype
2009-11-01 15:14 . 2007-01-27 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-28 22:45 . 2009-10-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-28 22:42 . 2009-10-28 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-28 22:29 . 2009-10-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-28 22:29 . 2009-10-28 22:29 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-28 22:29 . 2009-10-28 22:29 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-24 05:17 . 2007-04-27 11:29 -------- d-----w- c:\program files\Java
2009-10-24 05:16 . 2009-10-24 05:16 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 12:51 . 2009-09-16 12:51 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-20_16.31.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-11-28 11:14 . 2009-11-28 11:14 16384 c:\windows\temp\Perflib_Perfdata_668.dat
- 2003-07-07 16:00 . 2009-03-29 05:57 40836 c:\windows\system32\perfc009.dat
+ 2003-07-07 16:00 . 2009-10-25 05:28 40836 c:\windows\system32\perfc009.dat
+ 2008-08-09 07:18 . 2009-10-28 22:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 06:13 . 2009-07-18 06:13 48749 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-08-27 19:34 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-08-27 19:34 . 2009-03-30 08:33 96104 c:\windows\system32\drivers\avipbb.sys
+ 2009-08-27 19:34 . 2009-02-13 10:29 22360 c:\windows\system32\drivers\avgntmgr.sys
+ 2009-08-27 19:34 . 2009-07-28 14:33 55656 c:\windows\system32\drivers\avgntflt.sys
+ 2009-08-27 19:34 . 2009-02-13 10:17 45416 c:\windows\system32\drivers\avgntdd.sys
+ 2009-07-18 06:13 . 2009-07-18 06:13 18192 c:\windows\system32\Dexter Screen Saver dir\saver2.dll
+ 2009-07-18 06:13 . 2009-07-18 06:13 34304 c:\windows\system32\Dexter Screen Saver dir\saver1.dll
- 2006-08-27 15:57 . 2009-02-20 07:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-27 15:57 . 2009-11-28 08:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-27 15:57 . 2009-02-20 07:15 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-08-27 15:57 . 2009-11-28 08:58 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-27 15:57 . 2009-02-20 07:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-08-27 15:57 . 2009-11-28 08:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-05-05 15:22 . 2007-05-05 15:22 29696 c:\windows\Installer\5d552b.msi
+ 2006-09-24 13:28 . 2006-09-24 13:28 5248 c:\windows\system32\speedfan.sys
+ 1996-04-03 19:33 . 1996-04-03 19:33 5248 c:\windows\system32\giveio.sys
- 2006-08-27 16:49 . 2007-08-03 19:22 3251 c:\windows\mozver.dat
+ 2006-08-27 16:49 . 2009-07-25 08:09 3251 c:\windows\mozver.dat
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-07-18 11:43 . 2009-07-18 11:43 231252 c:\windows\uninstall 24 Screensaver v1s by erazboy.exe
+ 2003-07-07 16:00 . 2009-10-25 05:28 314508 c:\windows\system32\perfh009.dat
- 2003-07-07 16:00 . 2009-03-29 05:57 314508 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-06-11 20:04 . 2007-06-11 20:04 190696 c:\windows\system32\Macromed\Flash\FlashUtil9d.exe
+ 2009-10-24 05:17 . 2009-07-31 13:23 149280 c:\windows\system32\javaws.exe
+ 2009-10-24 05:17 . 2009-07-31 13:23 145184 c:\windows\system32\javaw.exe
+ 2009-10-24 05:17 . 2009-07-31 13:23 145184 c:\windows\system32\java.exe
+ 2009-08-27 08:07 . 2004-08-03 21:15 574592 c:\windows\system32\drivers\ntfs.sys
- 2003-07-07 16:00 . 2004-08-03 21:15 574592 c:\windows\system32\drivers\ntfs.sys
+ 2009-07-18 06:13 . 2009-07-18 06:13 520192 c:\windows\system32\Dexter Screen Saver.scr
+ 2009-09-16 12:52 . 2009-07-31 13:23 411368 c:\windows\system32\deploytk.dll
+ 2009-07-18 17:24 . 2008-07-25 08:23 797256 c:\windows\Resources\Themes\Embedded\Shell\NormalColor\shellstyle.dll
+ 2009-08-27 19:32 . 2009-08-27 19:32 228352 c:\windows\Installer\ecc6.msi
+ 2009-09-13 13:37 . 2009-09-13 13:37 694272 c:\windows\Installer\c02bf1.msi
+ 2009-09-16 12:52 . 2009-09-16 12:52 537600 c:\windows\Installer\9fdff1.msi
+ 2007-05-05 15:21 . 2007-05-05 15:21 716288 c:\windows\Installer\5d551b.msi
+ 2006-08-27 16:02 . 2006-08-27 16:02 264704 c:\windows\Installer\310a0.msi
+ 2009-11-01 15:14 . 2009-11-01 15:14 794112 c:\windows\Installer\1ce101f.msi
+ 2007-04-27 11:29 . 2007-04-27 11:29 268800 c:\windows\Installer\166bf4d.msi
+ 2009-11-01 15:14 . 2009-11-01 15:14 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2006-08-31 19:05 . 2005-04-04 00:07 982016 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ISScript11.Msi
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2003-07-07 16:00 . 2004-07-17 09:35 1326080 c:\windows\system32\webfldrs.msi
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2006-08-27 16:25 . 2004-07-17 09:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2009-09-13 13:37 . 2009-09-13 13:37 9013760 c:\windows\Installer\c02bf5.msi
+ 2006-08-27 17:24 . 2006-08-27 17:24 2439680 c:\windows\Installer\8f326.msi
+ 2009-11-01 15:14 . 2009-11-01 15:14 1565696 c:\windows\Installer\1ce1019.msi
+ 2007-08-28 13:07 . 2007-08-28 13:07 8265216 c:\windows\Installer\1beaec.msi
+ 2006-08-27 16:41 . 2006-08-27 16:41 5806592 c:\windows\Installer\16922.msi
+ 2009-01-06 13:08 . 2009-01-06 13:08 1549312 c:\windows\Installer\166fbbd.msi
+ 2006-08-31 19:05 . 2006-06-19 14:04 9934848 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\iTunes.msi
+ 2006-08-27 17:23 . 2004-07-07 13:35 2440704 c:\windows\Cache\Adobe Reader 6.0.1\CZEBIG\Adobe Reader 6.0.2 CE.msi
+ 2009-07-18 11:43 . 2009-07-18 11:43 1982086 c:\windows\24 Screensaver v1s by erazboy.scr
+ 2006-08-27 16:20 . 2003-07-07 16:00 1325568 c:\windows\$NtServicePackUninstall$\webfldrs.msi
+ 2007-05-05 15:21 . 2007-01-19 11:20 16667648 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2006-10-29 15:44 . 2006-07-29 19:39 15624704 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi
+ 2006-12-10 19:20 . 2007-01-28 09:50 25214976 c:\windows\Downloaded Installations\{D4E92304-957E-45AC-90FE-ED9CD4744E5B}\ACDSee Pro.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-05-14 831488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-03 53760]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-27 113664]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.8.2009 20:34 108289]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25t2mvec.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-msword98 - c:\documents and settings\Administrator\msword98.exe
HKLM-Run-Device Detector - DevDetect.exe
AddRemove-foobar2000 - c:\program files\foobar2000\uninstall.exe _?=c:\program files\foobar2000
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-Xvid_is1 - c:\program files\Xvid\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 12:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-28 12:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-28 11:22
ComboFix2.txt 2009-06-20 16:49
ComboFix3.txt 2009-06-20 16:34

Pre-Run: 12 032 774 144 bytes free
Post-Run: 18 522 775 552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - C9532E007C544E6751BD11E7E773419E

_____________________________________________________
Rudy

We'll clean up a bit more. Open Notepad and copy the following into it:

Quote:
Collect::
c:\windows\system32\drivers\soqwx32.sys

Driver::
soqwx32


Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.

________________________________________________________
pjotr2009

ComboFix 09-11-27.07 - Administrator 28.11.2009 18:11.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.363 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Adobe Gamma Loader.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\McAfee Security Scan.lnk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_soqwx32


((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.

2009-11-28 10:49 . 2009-11-28 10:49 -------- d-----w- c:\program files\trend micro
2009-11-28 10:49 . 2009-11-28 10:49 -------- d-----w- C:\rsit
2009-11-01 15:14 . 2009-11-01 15:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-01 15:14 . 2009-11-28 17:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-11-01 15:14 . 2009-11-01 15:14 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 17:22 . 2007-01-27 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-11-28 17:18 . 2007-08-28 12:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-11-28 14:12 . 2009-06-20 17:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\foobar2000
2009-11-28 13:30 . 2009-08-27 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 10:41 . 2009-11-28 10:40 12 ----a-w- c:\documents and settings\NetworkService\Application Data\cbqozg.dat
2009-11-28 08:57 . 2009-11-28 08:57 12 ----a-w- c:\documents and settings\Administrator\Application Data\cbqozg.dat
2009-11-28 08:56 . 2009-11-28 08:56 4 ----a-w- c:\documents and settings\Administrator\Application Data\avdrn.dat
2009-11-15 06:20 . 2009-08-27 19:22 -------- d-----w- c:\program files\SpeedFan
2009-11-11 14:18 . 2007-08-28 12:38 -------- d-----w- c:\program files\uTorrent
2009-11-01 15:14 . 2007-01-27 13:29 -------- d-----r- c:\program files\Skype
2009-11-01 15:14 . 2007-01-27 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-28 22:45 . 2009-10-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-28 22:42 . 2009-10-28 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-28 22:29 . 2009-10-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-28 22:29 . 2009-10-28 22:29 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-28 22:29 . 2009-10-28 22:29 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-24 05:17 . 2007-04-27 11:29 -------- d-----w- c:\program files\Java
2009-10-24 05:16 . 2009-10-24 05:16 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 12:51 . 2009-09-16 12:51 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-28_11.15.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-28 17:19 . 2009-11-28 17:19 16384 c:\windows\temp\Perflib_Perfdata_658.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-05-14 831488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-03 53760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.8.2009 20:34 108289]
.
.
------- Supplementary Scan -------
.
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25t2mvec.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 18:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-28 18:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-28 17:27
ComboFix2.txt 2009-11-28 11:22
ComboFix3.txt 2009-06-20 16:49
ComboFix4.txt 2009-06-20 16:34

Pre-Run: 18 527 150 080 bytes free
Post-Run: 18 453 921 792 bytes free

- - End Of File - - 37F46C259FA58121E402D3AAB960F0B8

________________________________________________________
Rudy

Deleted. The log now looks clean.

_____________________________________________________
pjotr2009

THANK YOU VERY MUCH

_______________________________________________
Rudy

You're welcome!

______________________________________________________
pjotr2009

Hm. So now, at night, quite unexpectedly, an Avira alert popped up saying that a virus, a trojan, had been found. The same thing as before repeated itself, that is, "deny access" was highlighted among the options and again a countdown was running in the OK button. I didn't even get to click that OK.
I wasn't even browsing the internet, but that is probably irrelevant. So I don't know how to get rid of it.

____________________________________________
pjotr2009

I scanned the computer with Avira. It found a trojan twice. I did click "repair all" at the end of the scan, but I'm not sure it helped, because now when Windows starts it shows this: "Please select your operation system", below it "mircosoft..." is highlighted, and I can't read any further because it is only shown for a brief moment. After that I just enter my login password and everything works as it should, Windows opens. I don't know whether I saw this before too and am only noticing it now because I'm panicking and it is actually nothing, or whether the virus managed to change something and what consequences that will have. Is it related to the BOOT.INI file?? If so, what can be done about it? Avira has a "boot records scan" option, should I try that, or is it unrelated? I should point out that I'm a layman.

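The CFScript in the quoted discussion targets the one driver entry in the first ComboFix log that stands out: `S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> ... [?]`, a system-start driver with a random-looking name whose file ComboFix could not find on disk. As an added example (not part of the thread, and not a ComboFix or Avira tool), the Python script below parses the service/driver lines of a ComboFix log in the format shown, flags entries whose binary is missing or which are boot/system-start drivers that are not loaded, and emits the same two-section Collect::/Driver:: script the helper dictated. The sample lines are constructed for the example: two are taken from the thread's log, the third (NVSvc, with a made-up date and size) stands in for a legitimate manual-start service that must not be flagged.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: service/driver lines in the format ComboFix prints under
# "Reg Loading Points". The first two lines are copied from the log quoted in the
# thread; the third is made up (placeholder date and size) so that a legitimate,
# manual-start service is present and can be shown not to be flagged.
SAMPLE_LOG = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.8.2009 20:34 108289]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S3 NVSvc;NVIDIA Display Driver Service;c:\windows\system32\nvsvc32.exe [2004-05-14 12:00 139264]
"""

# Line layout: R/S = running/stopped; digit = start type (0 boot, 1 system,
# 2 auto, 3 manual, 4 disabled); service name; display name; image path,
# optionally followed by "--> resolved path"; then "[date time size]",
# or "[?]" when ComboFix could not find the file on disk.
_SERVICE_LINE = re.compile(
    r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)(?:\s+-->\s+(.*?))?\s+\[([^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    state: str        # "R" running or "S" stopped
    start_type: int   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str         # service key name (what Driver:: refers to)
    display: str
    path: str         # on-disk path with the NT "\??\" prefix removed
    file_info: str    # "date time size", or "?" if the file was not found


def parse_services(log: str) -> List[ServiceEntry]:
    """Extract every service/driver line from a ComboFix log."""
    entries = []
    for raw in log.splitlines():
        m = _SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, image, resolved, info = m.groups()
        path = resolved or image
        if path.startswith("\\??\\"):
            path = path[4:]
        entries.append(ServiceEntry(state, int(start), name, display, path, info.strip()))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[ServiceEntry, List[str]]]:
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    flagged = []
    for e in entries:
        reasons = []
        if e.file_info == "?":
            reasons.append("registered service whose binary is missing on disk")
        if e.state == "S" and e.start_type <= 1:
            reasons.append("boot/system-start driver that is not loaded")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def build_cfscript(flagged: List[Tuple[ServiceEntry, List[str]]]) -> str:
    """Emit a CFScript with the two sections used in the thread:
    Collect:: (submit the file) and Driver:: (remove the service entry)."""
    paths = [e.path for e, _ in flagged]
    names = [e.name for e, _ in flagged]
    sections = []
    if paths:
        sections.append("Collect::\n" + "\n".join(paths))
    if names:
        sections.append("Driver::\n" + "\n".join(names))
    return "\n\n".join(sections) + "\n" if sections else ""


def cfscript_from_log(log: str) -> str:
    """Parse a ComboFix log and return the suggested CFScript text."""
    return build_cfscript(triage(parse_services(log)))


if __name__ == "__main__":
    for entry, reasons in triage(parse_services(SAMPLE_LOG)):
        print(f"{entry.name}: {'; '.join(reasons)}")
    print(cfscript_from_log(SAMPLE_LOG), end="")
```

The two heuristics are deliberately narrow. A leftover service from an incomplete uninstall also has a missing binary, so the generated script is a triage aid that a person still reads against the rest of the log (file dates, signer, location) before it goes anywhere near ComboFix; in the thread, the helper made exactly that judgement by hand.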

Posted: 29.11.2009 13:37 | PROBLEM WITH A TROJAN

So I'm not even going to read this :D it must have been a lot of work to copy all that here....
Try writing it so that a person can make sense of it at first glance.
One option is to go into safe mode and somehow try to stop it from starting:
msconfig, or have a look around in Event Viewer to see whether there are errors and other fun stuff. :shit:


Posted: 29.11.2009 13:57 | PROBLEM WITH A TROJAN

http://viry.cz/forum/viewtopic.php?f=13&t=94133

If you intend to make a mess all over the place, you'll very quickly find that people only have so much patience ;)


Posted: 30.11.2009 11:11 | PROBLEM WITH A TROJAN

:lock: POINTLESS TOPIC
