Hi all. I have the following problem. I already asked on another site, so I'll copy that discussion here. I'm doing it just to get more opinions, and maybe one of you will get a better handle on it.
So, the discussion:
Post subject: AVIRA AND COUNTDOWN
pjotr2009
It popped up a warning; it was a trojan. Among the options I had Deny access. All I had to do was click OK. However, down by the OK button some kind of countdown was running. Do you know what that could have been? I don't have a manual for Avira.
I have Avira AntiVir Personal.
_____________________________________________________
Rudy
Post a log from RSIT: viewtopic.php?f=13&t=82743 .
___________________________________________________
pjotr2009
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-28 11:49:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (19%) free of 60 GB
Total RAM: 511 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:53, on 28.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Administrator\msword98.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: algqeh32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6516 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar BHO - C:\Program Files\Winamp Toolbar\winamptb.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-05-14 3784704]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-05-14 81920]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"Device Detector"=DevDetect.exe -autorun []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-03 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"msword98"=C:\Documents and Settings\Administrator\msword98.exe []
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
algqeh32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2009-11-28 11:49:04 ----D---- C:\Program Files\trend micro
2009-11-28 11:49:03 ----D---- C:\rsit
2009-11-28 09:57:10 ----A---- C:\WINDOWS\system32\photo_id.exe
2009-11-11 14:41:23 ----SHD---- C:\Config.Msi
2009-11-01 16:14:58 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-11-01 16:14:16 ----D---- C:\Program Files\Common Files\Skype
======List of files/folders modified in the last 1 months======
2009-11-28 11:49:09 ----D---- C:\WINDOWS\Prefetch
2009-11-28 11:49:04 ----RD---- C:\Program Files
2009-11-28 11:45:40 ----D---- C:\Program Files\Mozilla Firefox
2009-11-28 11:45:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-11-28 11:44:12 ----D---- C:\WINDOWS\temp
2009-11-28 11:44:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-28 11:42:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-28 11:41:53 ----D---- C:\WINDOWS\system32
2009-11-28 11:35:58 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-11-28 10:28:50 ----D---- C:\Filmy
2009-11-28 10:28:41 ----D---- C:\Documents and Settings\Administrator\Application Data\foobar2000
2009-11-28 10:01:38 ----A---- C:\WINDOWS\WINCMD.INI
2009-11-15 07:20:37 ----D---- C:\Program Files\SpeedFan
2009-11-11 21:40:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-11-11 21:38:58 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-11-11 16:31:05 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-11-11 15:49:54 ----D---- C:\WINDOWS
2009-11-11 15:18:38 ----D---- C:\Program Files\uTorrent
2009-11-11 14:42:26 ----SHD---- C:\WINDOWS\Installer
2009-11-11 14:41:39 ----D---- C:\WINDOWS\system32\drivers
2009-11-01 16:14:17 ----RD---- C:\Program Files\Skype
2009-11-01 16:14:16 ----D---- C:\Program Files\Common Files
2009-11-01 16:14:09 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-05-14 2205760]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 soqwx32;soqwx32; \??\C:\WINDOWS\system32\drivers\soqwx32.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-07 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-05-14 114755]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Služba Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
______________________________________________________
Rudy
I can see a few nasties in there. Post a ComboFix log.
_____________________________________________
pjotr2009
ComboFix 09-11-27.05 - Administrator 28.11.2009 12:06.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.217 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\wiaserva.log
c:\documents and settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Administrator\Start Menu\Programs\Startup\algqeh32.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\2566376583.dat
c:\windows\system32\config\systemprofile\photo_id.exe
c:\windows\system32\photo_id.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.
2009-11-28 10:49 . 2009-11-28 10:49 -------- d-----w- c:\program files\trend micro
2009-11-28 10:49 . 2009-11-28 10:49 -------- d-----w- C:\rsit
2009-11-01 15:14 . 2009-11-01 15:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-01 15:14 . 2009-11-28 10:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-11-01 15:14 . 2009-11-01 15:14 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 11:16 . 2007-01-27 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-11-28 10:41 . 2009-11-28 10:40 12 ----a-w- c:\documents and settings\NetworkService\Application Data\cbqozg.dat
2009-11-28 10:35 . 2007-08-28 12:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-11-28 09:28 . 2009-06-20 17:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\foobar2000
2009-11-28 08:57 . 2009-11-28 08:57 12 ----a-w- c:\documents and settings\Administrator\Application Data\cbqozg.dat
2009-11-28 08:56 . 2009-11-28 08:56 4 ----a-w- c:\documents and settings\Administrator\Application Data\avdrn.dat
2009-11-15 06:20 . 2009-08-27 19:22 -------- d-----w- c:\program files\SpeedFan
2009-11-11 14:18 . 2007-08-28 12:38 -------- d-----w- c:\program files\uTorrent
2009-11-01 15:14 . 2007-01-27 13:29 -------- d-----r- c:\program files\Skype
2009-11-01 15:14 . 2007-01-27 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-28 22:45 . 2009-10-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-28 22:42 . 2009-10-28 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-28 22:29 . 2009-10-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-28 22:29 . 2009-10-28 22:29 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-28 22:29 . 2009-10-28 22:29 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-24 05:17 . 2007-04-27 11:29 -------- d-----w- c:\program files\Java
2009-10-24 05:16 . 2009-10-24 05:16 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 12:51 . 2009-09-16 12:51 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-20_16.31.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-11-28 11:14 . 2009-11-28 11:14 16384 c:\windows\temp\Perflib_Perfdata_668.dat
- 2003-07-07 16:00 . 2009-03-29 05:57 40836 c:\windows\system32\perfc009.dat
+ 2003-07-07 16:00 . 2009-10-25 05:28 40836 c:\windows\system32\perfc009.dat
+ 2008-08-09 07:18 . 2009-10-28 22:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 06:13 . 2009-07-18 06:13 48749 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-08-27 19:34 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-08-27 19:34 . 2009-03-30 08:33 96104 c:\windows\system32\drivers\avipbb.sys
+ 2009-08-27 19:34 . 2009-02-13 10:29 22360 c:\windows\system32\drivers\avgntmgr.sys
+ 2009-08-27 19:34 . 2009-07-28 14:33 55656 c:\windows\system32\drivers\avgntflt.sys
+ 2009-08-27 19:34 . 2009-02-13 10:17 45416 c:\windows\system32\drivers\avgntdd.sys
+ 2009-07-18 06:13 . 2009-07-18 06:13 18192 c:\windows\system32\Dexter Screen Saver dir\saver2.dll
+ 2009-07-18 06:13 . 2009-07-18 06:13 34304 c:\windows\system32\Dexter Screen Saver dir\saver1.dll
- 2006-08-27 15:57 . 2009-02-20 07:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-27 15:57 . 2009-11-28 08:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-27 15:57 . 2009-02-20 07:15 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-08-27 15:57 . 2009-11-28 08:58 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-27 15:57 . 2009-02-20 07:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-08-27 15:57 . 2009-11-28 08:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-05-05 15:22 . 2007-05-05 15:22 29696 c:\windows\Installer\5d552b.msi
+ 2006-09-24 13:28 . 2006-09-24 13:28 5248 c:\windows\system32\speedfan.sys
+ 1996-04-03 19:33 . 1996-04-03 19:33 5248 c:\windows\system32\giveio.sys
- 2006-08-27 16:49 . 2007-08-03 19:22 3251 c:\windows\mozver.dat
+ 2006-08-27 16:49 . 2009-07-25 08:09 3251 c:\windows\mozver.dat
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-07-18 11:43 . 2009-07-18 11:43 231252 c:\windows\uninstall 24 Screensaver v1s by erazboy.exe
+ 2003-07-07 16:00 . 2009-10-25 05:28 314508 c:\windows\system32\perfh009.dat
- 2003-07-07 16:00 . 2009-03-29 05:57 314508 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-06-11 20:04 . 2007-06-11 20:04 190696 c:\windows\system32\Macromed\Flash\FlashUtil9d.exe
+ 2009-10-24 05:17 . 2009-07-31 13:23 149280 c:\windows\system32\javaws.exe
+ 2009-10-24 05:17 . 2009-07-31 13:23 145184 c:\windows\system32\javaw.exe
+ 2009-10-24 05:17 . 2009-07-31 13:23 145184 c:\windows\system32\java.exe
+ 2009-08-27 08:07 . 2004-08-03 21:15 574592 c:\windows\system32\drivers\ntfs.sys
- 2003-07-07 16:00 . 2004-08-03 21:15 574592 c:\windows\system32\drivers\ntfs.sys
+ 2009-07-18 06:13 . 2009-07-18 06:13 520192 c:\windows\system32\Dexter Screen Saver.scr
+ 2009-09-16 12:52 . 2009-07-31 13:23 411368 c:\windows\system32\deploytk.dll
+ 2009-07-18 17:24 . 2008-07-25 08:23 797256 c:\windows\Resources\Themes\Embedded\Shell\NormalColor\shellstyle.dll
+ 2009-08-27 19:32 . 2009-08-27 19:32 228352 c:\windows\Installer\ecc6.msi
+ 2009-09-13 13:37 . 2009-09-13 13:37 694272 c:\windows\Installer\c02bf1.msi
+ 2009-09-16 12:52 . 2009-09-16 12:52 537600 c:\windows\Installer\9fdff1.msi
+ 2007-05-05 15:21 . 2007-05-05 15:21 716288 c:\windows\Installer\5d551b.msi
+ 2006-08-27 16:02 . 2006-08-27 16:02 264704 c:\windows\Installer\310a0.msi
+ 2009-11-01 15:14 . 2009-11-01 15:14 794112 c:\windows\Installer\1ce101f.msi
+ 2007-04-27 11:29 . 2007-04-27 11:29 268800 c:\windows\Installer\166bf4d.msi
+ 2009-11-01 15:14 . 2009-11-01 15:14 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2006-08-31 19:05 . 2005-04-04 00:07 982016 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ISScript11.Msi
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2003-07-07 16:00 . 2004-07-17 09:35 1326080 c:\windows\system32\webfldrs.msi
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2006-08-27 16:25 . 2004-07-17 09:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2009-09-13 13:37 . 2009-09-13 13:37 9013760 c:\windows\Installer\c02bf5.msi
+ 2006-08-27 17:24 . 2006-08-27 17:24 2439680 c:\windows\Installer\8f326.msi
+ 2009-11-01 15:14 . 2009-11-01 15:14 1565696 c:\windows\Installer\1ce1019.msi
+ 2007-08-28 13:07 . 2007-08-28 13:07 8265216 c:\windows\Installer\1beaec.msi
+ 2006-08-27 16:41 . 2006-08-27 16:41 5806592 c:\windows\Installer\16922.msi
+ 2009-01-06 13:08 . 2009-01-06 13:08 1549312 c:\windows\Installer\166fbbd.msi
+ 2006-08-31 19:05 . 2006-06-19 14:04 9934848 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\iTunes.msi
+ 2006-08-27 17:23 . 2004-07-07 13:35 2440704 c:\windows\Cache\Adobe Reader 6.0.1\CZEBIG\Adobe Reader 6.0.2 CE.msi
+ 2009-07-18 11:43 . 2009-07-18 11:43 1982086 c:\windows\24 Screensaver v1s by erazboy.scr
+ 2006-08-27 16:20 . 2003-07-07 16:00 1325568 c:\windows\$NtServicePackUninstall$\webfldrs.msi
+ 2007-05-05 15:21 . 2007-01-19 11:20 16667648 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2006-10-29 15:44 . 2006-07-29 19:39 15624704 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi
+ 2006-12-10 19:20 . 2007-01-28 09:50 25214976 c:\windows\Downloaded Installations\{D4E92304-957E-45AC-90FE-ED9CD4744E5B}\ACDSee Pro.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-05-14 831488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-03 53760]
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-27 113664]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.8.2009 20:34 108289]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes -
file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25t2mvec.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.sk/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-msword98 - c:\documents and settings\Administrator\msword98.exe
HKLM-Run-Device Detector - DevDetect.exe
AddRemove-foobar2000 - c:\program files\foobar2000\uninstall.exe _?=c:\program files\foobar2000
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-Xvid_is1 - c:\program files\Xvid\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-28 12:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-28 12:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-28 11:22
ComboFix2.txt 2009-06-20 16:49
ComboFix3.txt 2009-06-20 16:34
Pre-Run: 12 032 774 144 bytes free
Post-Run: 18 522 775 552 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - C9532E007C544E6751BD11E7E773419E
_____________________________________________________
Rudy
We'll clean up a bit more. Open Notepad and copy the following into it:
Quote:
Collect::
c:\windows\system32\drivers\soqwx32.sys
Driver::
soqwx32
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the commands from the script.
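The CFScript above tells ComboFix to quarantine the driver file (Collect::) and delete its service registration (Driver::). Below is an added example, not code from the thread or from ComboFix, showing how a helper could triage a ComboFix log excerpt of the shape posted here and emit that same two-directive script: it flags a service whose binary ComboFix marks as not found (`[?]`), and autostart entries that run from a user profile directory or by bare file name. The sample log, the `Finding` class and the selection rules are all assumptions constructed for this example; the log values are copied from the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the thread's ComboFix output: Run keys,
# two service lines and the "orphans removed" block (values copied from the log).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-05-14 831488]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.8.2009 20:34 108289]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msword98 - c:\documents and settings\Administrator\msword98.exe
HKLM-Run-Device Detector - DevDetect.exe
'''

# Line shapes as they appear in the thread's log (assumed regular enough to parse).
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+)$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+-\s+(.*?))?\s+\[([^\]]*)\]$')
ORPHAN_RE = re.compile(r'^(HKCU|HKLM)-Run-(.+?)\s+-\s+(.*)$')


@dataclass
class Finding:           # hypothetical record type for this example
    kind: str            # "service" or "autostart"
    name: str
    path: str
    reason: str


def _service_binary(rest: str) -> Tuple[str, bool]:
    """Return (binary path, unresolved). ComboFix appends '[?]' when it could not find the file."""
    unresolved = rest.rstrip().endswith('[?]')
    path = rest.split(' [', 1)[0]
    if '-->' in path:                      # "\??\x --> x" form: keep the resolved path
        path = path.split('-->', 1)[1]
    return path.strip(), unresolved


def _autostart_reason(path: str) -> Optional[str]:
    """Heuristics (assumptions of this example) for an autostart worth a second look."""
    low = path.lower()
    if '\\documents and settings\\' in low:
        return 'autostart runs from a user profile directory'
    if ':' not in low:
        return 'bare file name, resolved through the search path instead of an absolute path'
    return None


def triage(text: str) -> List[Finding]:
    """Walk the log line by line and collect entries matching the rules above."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path, unresolved = _service_binary(m.group(5))
            if unresolved:
                findings.append(Finding('service', m.group(3), path,
                                        f'{m.group(1)}{m.group(2)} service whose binary ComboFix could not locate'))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group(3) or m.group(2)
            reason = _autostart_reason(path)
            if reason:
                findings.append(Finding('autostart', m.group(1), path, reason))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            reason = _autostart_reason(m.group(3))
            if reason:
                findings.append(Finding('autostart', m.group(2), m.group(3), reason))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit the two directives used in the thread: Collect:: (files to quarantine)
    and Driver:: (service names to remove). Only unresolved services are included;
    autostart findings are left for manual review."""
    services = [f for f in findings if f.kind == 'service']
    lines: List[str] = []
    if services:
        lines.append('Collect::')
        lines.extend(f.path for f in services)
        lines.append('Driver::')
        lines.extend(f.name for f in services)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f'[{f.kind}] {f.name}: {f.path}\n    {f.reason}')
    print(build_cfscript(found))
```

Run on the sample, the script flags the unresolved `soqwx32` driver, the `msword98.exe` orphan under the Administrator profile, and the bare `DevDetect.exe` name, and prints a CFScript identical in form to the one above. The autostart findings are deliberately not turned into directives: deciding what to quarantine there is the helper's job, not the parser's.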
________________________________________________________
pjotr2009
ComboFix 09-11-27.07 - Administrator 28.11.2009 18:11.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.363 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Adobe Gamma Loader.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\McAfee Security Scan.lnk
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_soqwx32
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.
2009-11-28 10:49 . 2009-11-28 10:49 -------- d-----w- c:\program files\trend micro
2009-11-28 10:49 . 2009-11-28 10:49 -------- d-----w- C:\rsit
2009-11-01 15:14 . 2009-11-01 15:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-01 15:14 . 2009-11-28 17:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-11-01 15:14 . 2009-11-01 15:14 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 17:22 . 2007-01-27 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-11-28 17:18 . 2007-08-28 12:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-11-28 14:12 . 2009-06-20 17:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\foobar2000
2009-11-28 13:30 . 2009-08-27 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 10:41 . 2009-11-28 10:40 12 ----a-w- c:\documents and settings\NetworkService\Application Data\cbqozg.dat
2009-11-28 08:57 . 2009-11-28 08:57 12 ----a-w- c:\documents and settings\Administrator\Application Data\cbqozg.dat
2009-11-28 08:56 . 2009-11-28 08:56 4 ----a-w- c:\documents and settings\Administrator\Application Data\avdrn.dat
2009-11-15 06:20 . 2009-08-27 19:22 -------- d-----w- c:\program files\SpeedFan
2009-11-11 14:18 . 2007-08-28 12:38 -------- d-----w- c:\program files\uTorrent
2009-11-01 15:14 . 2007-01-27 13:29 -------- d-----r- c:\program files\Skype
2009-11-01 15:14 . 2007-01-27 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-28 22:45 . 2009-10-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-28 22:42 . 2009-10-28 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-28 22:29 . 2009-10-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-28 22:29 . 2009-10-28 22:29 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-28 22:29 . 2009-10-28 22:29 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-24 05:17 . 2007-04-27 11:29 -------- d-----w- c:\program files\Java
2009-10-24 05:16 . 2009-10-24 05:16 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 12:51 . 2009-09-16 12:51 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-11-28_11.15.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-28 17:19 . 2009-11-28 17:19 16384 c:\windows\temp\Perflib_Perfdata_658.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-05-14 831488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-03 53760]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.8.2009 20:34 108289]
.
.
------- Supplementary Scan -------
.
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes -
file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25t2mvec.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.sk/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-28 18:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-28 18:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-28 17:27
ComboFix2.txt 2009-11-28 11:22
ComboFix3.txt 2009-06-20 16:49
ComboFix4.txt 2009-06-20 16:34
Pre-Run: 18 527 150 080 bytes free
Post-Run: 18 453 921 792 bytes free
- - End Of File - - 37F46C259FA58121E402D3AAB960F0B8
________________________________________________________
Rudy
Deleted. The log now looks clean.
_____________________________________________________
pjotr2009
THANK YOU VERY MUCH
_______________________________________________
Rudy
You're welcome!
______________________________________________________
pjotr2009
Hm. So tonight, quite unexpectedly, an Avira alert popped up saying a virus, a trojan, had been found. The same thing as before happened again, that is, "deny access" was highlighted among the options and again a countdown was running in the OK button. I didn't even manage to click that OK.
I wasn't even browsing the internet, but that is probably irrelevant. So I don't know how to get rid of it.
____________________________________________
pjotr2009
oskenoval som počitač avirou. našiel dva krát trojana. síce som na konci skanovania klikol na repair all, no nie som si istý či to pomohlo. pretože teraz pri zapínaní windowsu, mi vyhadzuje toto: "Please select your operation system" pod tym je vysvietený "mircosoft..." a dalej to ani nedočítam lebo sa to zobrazí na krátku chvílu. potom síce už len zadám moje prihlasovacie heslo, a všetko ide jak má, otvorí sa mi windows. neviem či som to videl už aj pred tým, a teraz si to všímam lebo panikárim a v skutočbnosti o nič nejde. alebo či vírus stačil niečo zmeniť a aké následky to bude mať. súvisí to s BOOT.INI file. ?? ak ano čo sa s tým dá robiť ? v avire je možnosť "boot records scan" mal by som to skúsiť, alebo to s tym nesúvisí ? podotykam som laik