Obsah fóra
PravidláRegistrovaťPrihlásenie

Obsah fóra » Software » Antivíry, bezpečnosť a sieť » Antivíry a antispywary » Prosím o kontrolu logu





Odpovedať na tému Stránka: 1 z 1
 [ Príspevkov: 7 ] 
AutorSpráva
Offline igiok1

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 08.01.08
Prihlásený: 07.06.09
Príspevky: 14
Témy: 5
Bydlisko: Michalovce
Príspevok NapísalOffline igiok1: 24.03.2008 10:50

PC mi ide pomalšie,anticrash mi hlásil zo dvakrát crash,ale ani antivír ani antispyware nič.Opera ide pomaly a mrzne a stále vyskakuje okno-neprečítané(správy)Aj teraz nedá sa písať,lebo to takmer stále vyskakuje.
Vďaka.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:41, on 24.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\System Protect\SysProtect_srv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\IE Doctor\IEDoctor.exe
C:\Program Files\System Protect\SysProtect_Tray.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Documents and Settings\All Users\Application Data\LangSoft\OETRN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BearShare Acceleration Patch\BearShare Acceleration Patch.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQToolbar\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IE Doctor] "C:\Program Files\IE Doctor\IEDoctor.exe" /min
O4 - HKLM\..\Run: [SystemProtect] C:\Program Files\System Protect\SysProtect_Tray.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Application Data\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: BearShare Acceleration Patch.lnk = C:\Program Files\BearShare Acceleration Patch\BearShare Acceleration Patch.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Documents and Settings\Jakub\Desktop\Obrázky\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4717737426
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE0C122-FA18-4C51-A8CA-4CEB8924D3EC}: NameServer = 195.146.128.62 195.146.132.59
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Program Files\System Protect\SysProtect_srv.exe

--
End of file - 14377 bytes


Offline yaJohny

Zmazaný užívateľ
Zmazaný užívateľ
Obrázok užívateľa
Príspevok NapísalOffline yaJohny: 24.03.2008 10:59

1. stiahni http://siri.urz.free.fr/Fix/SmitfraudFix.exe a pouzi podla navodu:
http://www.viry.cz/forum/viewtopic.php?t=16475 a vloz sem log z neho

2. stiahni combofix podla navodu a vloz sem log: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

3. novy log z hijackthis

edit:// no nemalo to ist tebe, ale tak nic tym nepokazis :lol:


Offline igiok1

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 08.01.08
Prihlásený: 07.06.09
Príspevky: 14
Témy: 5
Bydlisko: Michalovce
Príspevok Napísal autor témyOffline igiok1: 24.03.2008 12:08

ComboFix 08-03-23.5 - Igor Kriz 2008-03-24 11:44:54.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.120 [GMT 1:00]
Running from: C:\Documents and Settings\Igor Kriz\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Script messages for sUBs --
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF14794.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF14794.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msvrc20.dll
C:\WINDOWS\msxfcg32.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 11:21 . 2008-03-24 11:21 3,586 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-24 11:01 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-24 11:01 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-24 11:01 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-24 11:01 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-24 11:01 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-24 11:01 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-24 11:01 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-23 13:29 . 2008-03-24 11:29 64,512 --ah----- C:\Documents and Settings\Igor Kriz\Application Data\dach100.dll
2008-03-23 13:19 . 2008-03-23 13:19 <DIR> d-------- C:\Program Files\Uniblue
2008-03-21 15:13 . 2008-03-21 20:16 918,045 --ah----- C:\DH Temp.tmp
2008-03-21 15:11 . 2008-03-21 15:11 0 --ah----- C:\miniex.ant
2008-03-21 11:22 . 2008-03-21 11:22 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\OpenOffice.org2
2008-03-21 10:31 . 2008-03-21 10:31 194,560 --a------ C:\WINDOWS\Evolution IX screensaver.scr
2008-03-21 10:30 . 2008-03-21 10:31 <DIR> d-------- C:\WINDOWS\Evolution IX screensaver dir
2008-03-21 10:30 . 2008-03-21 10:30 606,848 --a------ C:\WINDOWS\flashax.exe
2008-03-21 10:30 . 2008-03-21 10:30 12,288 --a------ C:\WINDOWS\impborl.dll
2008-03-09 19:24 . 2008-03-09 19:24 <DIR> d-------- C:\Program Files\FDRLab
2008-03-09 14:36 . 2008-03-09 14:36 <DIR> d-------- C:\Program Files\Serials 2000 7.1 Plus
2008-03-09 12:38 . 2008-03-09 21:24 <DIR> d-------- C:\Program Files\PC MightyMax 2007
2008-03-04 08:19 . 2008-03-04 08:19 <DIR> d-------- C:\Documents and Settings\Guest\WINDOWS
2008-03-01 12:27 . 2008-03-05 21:53 <DIR> d-------- C:\Program Files\Shareaza Applications
2008-02-24 15:26 . 2008-02-24 15:26 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Leadertech
2008-02-24 15:26 . 2008-02-24 15:26 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 10:37 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-24 10:30 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\OpenOffice.org2
2008-03-24 10:26 --------- d-----w C:\Program Files\WinClamAVShield
2008-03-23 15:57 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\BearShare
2008-03-23 13:51 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-18 15:49 --------- d-----w C:\Program Files\FlashGet
2008-03-17 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-16 10:40 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-15 15:29 --------- d-----w C:\Program Files\ICQToolbar
2008-03-14 11:40 --------- d-----w C:\Documents and Settings\Guest\Application Data\Spyware Terminator
2008-03-09 14:35 --------- d-----w C:\Program Files\RegCure
2008-03-08 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 20:53 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\Shareaza
2008-03-02 22:02 --------- d-----w C:\Program Files\DC++
2008-03-01 11:27 --------- d-----w C:\Program Files\Shareaza
2008-02-28 17:07 --------- d-----w C:\Documents and Settings\Veronika\Application Data\OpenOffice.org2
2008-02-26 13:44 --------- d-----w C:\Documents and Settings\Guest\Application Data\Apple Computer
2008-02-25 16:44 --------- d-----w C:\Documents and Settings\Guest\Application Data\Teleca
2008-02-24 21:46 --------- d-----w C:\Program Files\Opera
2008-02-20 16:55 --------- d-----w C:\Program Files\Common Files\DirectX
2008-02-20 16:41 --------- d-----w C:\Program Files\iTunes
2008-02-20 12:26 --------- d-----w C:\Documents and Settings\Guest\Application Data\ESTsoft
2008-02-19 22:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 22:36 --------- d-----w C:\Program Files\BearShare Acceleration Patch
2008-02-19 22:31 12,288 ----a-w C:\WINDOWS\system32\drivers\sp_prot.sys
2008-02-19 22:31 --------- d-----w C:\Program Files\System Protect
2008-02-19 19:43 --------- d-----w C:\Documents and Settings\Guest\Application Data\LangSoft
2008-02-19 19:20 --------- d-----w C:\Documents and Settings\Guest\Application Data\Sony Ericsson
2008-02-19 19:20 --------- d-----w C:\Documents and Settings\Guest\Application Data\Nero
2008-02-19 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 13:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-17 21:39 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-17 21:29 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\Spyware Terminator
2008-02-17 21:28 --------- d-----w C:\Program Files\EMCO Malware Destroyer
2008-02-17 21:19 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-17 19:45 --------- d-----w C:\Program Files\Ares
2008-02-17 15:38 --------- d-----w C:\Program Files\TV
2008-02-17 15:33 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\WebCompiler3
2008-02-10 10:01 --------- d-----w C:\Documents and Settings\Veronika\Application Data\Spyware Terminator
2008-02-02 13:28 --------- d-----w C:\Program Files\Ashampoo
2008-02-02 12:17 --------- d-----w C:\Program Files\IObit
2008-02-02 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-02 11:47 --------- d-----w C:\Program Files\Easy Music Composer Free
2008-02-02 11:47 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-02-02 11:47 --------- d-----w C:\Program Files\BitComet
2008-01-27 07:36 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\Desktop Sidebar
2008-01-26 18:51 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\Apple Computer
2008-01-05 09:16 1,261,056 ----a-w C:\WINDOWS\setup_rangers.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 11:51 202024]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 19:22 312848]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 08:10 715888]
"OEXPRESS"="C:\Documents and Settings\All Users\Application Data\LangSoft\OETRN.EXE" [2008-01-21 20:42 26624]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"CnxDslTaskBar"="C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" [2004-06-16 10:55 233472]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-16 11:40 2957824]
"FlashGet"="C:\Program Files\FlashGet\FlashGet.exe" [ ]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 07:52 15797248 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2007-11-11 19:59 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25 1828136]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IE Doctor"="C:\Program Files\IE Doctor\IEDoctor.exe" [2003-10-20 03:59 347136]
"SystemProtect"="C:\Program Files\System Protect\SysProtect_Tray.exe" [2008-02-19 23:31 1223680]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 21:39 3647656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\Igor Kriz\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 12:00:44 2301798]
BearShare Acceleration Patch.lnk - C:\Program Files\BearShare Acceleration Patch\BearShare Acceleration Patch.exe [2008-02-08 08:56:52 452096]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-09-28 20:47:52 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:AresChatServer

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-16 11:40]
R2 SP_Service;System Protect Deletion Prevention Service;"C:\Program Files\System Protect\SysProtect_srv.exe" [2008-02-19 23:31]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 10:51]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 10:51]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 10:51]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
R3 sp_prot;System Protect Filter Driver;C:\WINDOWS\system32\drivers\sp_prot.sys [2008-02-19 23:31]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\SophosMEMSWEEP.SYS []
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 09:11:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-24 10:28:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-24 10:25:56 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-14 16:20:29 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 11:47:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-24 11:48:42
ComboFix-quarantined-files.txt 2008-03-24 10:48:38
ComboFix2.txt 2008-01-08 19:47:59
.
2008-03-22 01:54:51 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:47, on 24.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\System Protect\SysProtect_srv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\IE Doctor\IEDoctor.exe
C:\Program Files\System Protect\SysProtect_Tray.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Application Data\LangSoft\OETRN.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BearShare Acceleration Patch\BearShare Acceleration Patch.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQToolbar\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IE Doctor] "C:\Program Files\IE Doctor\IEDoctor.exe" /min
O4 - HKLM\..\Run: [SystemProtect] C:\Program Files\System Protect\SysProtect_Tray.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Application Data\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: BearShare Acceleration Patch.lnk = C:\Program Files\BearShare Acceleration Patch\BearShare Acceleration Patch.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Documents and Settings\Jakub\Desktop\Obrázky\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4717737426
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE0C122-FA18-4C51-A8CA-4CEB8924D3EC}: NameServer = 195.146.128.62 195.146.132.59
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Program Files\System Protect\SysProtect_srv.exe

--
End of file - 14310 bytes


Offline yaJohny

Zmazaný užívateľ
Zmazaný užívateľ
Obrázok užívateľa
Príspevok NapísalOffline yaJohny: 24.03.2008 12:26

..este log zo Smitfraudfix..


Offline igiok1

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 08.01.08
Prihlásený: 07.06.09
Príspevky: 14
Témy: 5
Bydlisko: Michalovce
Príspevok Napísal autor témyOffline igiok1: 24.03.2008 12:31

SmitFraudFix v2.307

Scan done at 11:21:02,18, po 24.03.2008
Run from C:\Documents and Settings\Igor Kriz\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Verzia 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\systems.txt Please, Reboot and Run SmitfraudFix option 2 once again.


»»»»»»»»»»»»»»»»»»»»»»»» End


Offline yaJohny

Zmazaný užívateľ
Zmazaný užívateľ
Obrázok užívateľa
Príspevok NapísalOffline yaJohny: 24.03.2008 12:47

Podla navodu:
http://www.pcforum.sk/cistime-napadnuty ... 27265.html
uloz to co je v code do CFScript.txt a podla obrazka pretiahni na combofix:
a vloz novy log

Kód:
File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\DH Temp.tmp
C:\WINDOWS\impborl.dll
C:\WINDOWS\unins000.exe


Offline igiok1

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 08.01.08
Prihlásený: 07.06.09
Príspevky: 14
Témy: 5
Bydlisko: Michalovce
Príspevok Napísal autor témyOffline igiok1: 24.03.2008 13:40

ComboFix 08-03-23.5 - Igor Kriz 2008-03-24 12:55:02.3 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.116 [GMT 1:00]
Running from: C:\Documents and Settings\Igor Kriz\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Igor Kriz\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DH Temp.tmp
C:\WINDOWS\impborl.dll
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\unins000.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DH Temp.tmp
C:\WINDOWS\impborl.dll
C:\WINDOWS\msxfcg32.dll
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 11:01 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-23 13:29 . 2008-03-24 11:56 64,512 --ah----- C:\Documents and Settings\Igor Kriz\Application Data\dach100.dll
2008-03-23 13:19 . 2008-03-23 13:19 <DIR> d-------- C:\Program Files\Uniblue
2008-03-21 15:11 . 2008-03-21 15:11 0 --ah----- C:\miniex.ant
2008-03-21 11:22 . 2008-03-21 11:22 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\OpenOffice.org2
2008-03-21 10:31 . 2008-03-21 10:31 194,560 --a------ C:\WINDOWS\Evolution IX screensaver.scr
2008-03-21 10:30 . 2008-03-21 10:31 <DIR> d-------- C:\WINDOWS\Evolution IX screensaver dir
2008-03-21 10:30 . 2008-03-21 10:30 606,848 --a------ C:\WINDOWS\flashax.exe
2008-03-09 19:24 . 2008-03-09 19:24 <DIR> d-------- C:\Program Files\FDRLab
2008-03-09 14:36 . 2008-03-09 14:36 <DIR> d-------- C:\Program Files\Serials 2000 7.1 Plus
2008-03-09 12:38 . 2008-03-09 21:24 <DIR> d-------- C:\Program Files\PC MightyMax 2007
2008-03-04 08:19 . 2008-03-04 08:19 <DIR> d-------- C:\Documents and Settings\Guest\WINDOWS
2008-03-01 12:27 . 2008-03-05 21:53 <DIR> d-------- C:\Program Files\Shareaza Applications
2008-02-24 15:26 . 2008-02-24 15:26 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Leadertech
2008-02-24 15:26 . 2008-02-24 15:26 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 10:59 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\OpenOffice.org2
2008-03-24 10:56 --------- d-----w C:\Program Files\WinClamAVShield
2008-03-24 10:37 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-23 15:57 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\BearShare
2008-03-23 13:51 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-18 15:49 --------- d-----w C:\Program Files\FlashGet
2008-03-17 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-16 10:40 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-15 15:29 --------- d-----w C:\Program Files\ICQToolbar
2008-03-14 11:40 --------- d-----w C:\Documents and Settings\Guest\Application Data\Spyware Terminator
2008-03-09 14:35 --------- d-----w C:\Program Files\RegCure
2008-03-08 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 20:53 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\Shareaza
2008-03-02 22:02 --------- d-----w C:\Program Files\DC++
2008-03-01 11:27 --------- d-----w C:\Program Files\Shareaza
2008-02-28 17:07 --------- d-----w C:\Documents and Settings\Veronika\Application Data\OpenOffice.org2
2008-02-26 13:44 --------- d-----w C:\Documents and Settings\Guest\Application Data\Apple Computer
2008-02-25 16:44 --------- d-----w C:\Documents and Settings\Guest\Application Data\Teleca
2008-02-24 21:46 --------- d-----w C:\Program Files\Opera
2008-02-20 16:55 --------- d-----w C:\Program Files\Common Files\DirectX
2008-02-20 16:41 --------- d-----w C:\Program Files\iTunes
2008-02-20 12:26 --------- d-----w C:\Documents and Settings\Guest\Application Data\ESTsoft
2008-02-19 22:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 22:36 --------- d-----w C:\Program Files\BearShare Acceleration Patch
2008-02-19 22:31 12,288 ----a-w C:\WINDOWS\system32\drivers\sp_prot.sys
2008-02-19 22:31 --------- d-----w C:\Program Files\System Protect
2008-02-19 19:43 --------- d-----w C:\Documents and Settings\Guest\Application Data\LangSoft
2008-02-19 19:20 --------- d-----w C:\Documents and Settings\Guest\Application Data\Sony Ericsson
2008-02-19 19:20 --------- d-----w C:\Documents and Settings\Guest\Application Data\Nero
2008-02-19 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 13:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-17 21:39 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-17 21:29 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\Spyware Terminator
2008-02-17 21:28 --------- d-----w C:\Program Files\EMCO Malware Destroyer
2008-02-17 19:45 --------- d-----w C:\Program Files\Ares
2008-02-17 15:38 --------- d-----w C:\Program Files\TV
2008-02-17 15:33 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\WebCompiler3
2008-02-10 10:01 --------- d-----w C:\Documents and Settings\Veronika\Application Data\Spyware Terminator
2008-02-02 13:28 --------- d-----w C:\Program Files\Ashampoo
2008-02-02 12:17 --------- d-----w C:\Program Files\IObit
2008-02-02 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-02 11:47 --------- d-----w C:\Program Files\Easy Music Composer Free
2008-02-02 11:47 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-02-02 11:47 --------- d-----w C:\Program Files\BitComet
2008-01-27 07:36 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\Desktop Sidebar
2008-01-26 18:51 --------- d-----w C:\Documents and Settings\Igor Kriz\Application Data\Apple Computer
2008-01-05 09:16 1,261,056 ----a-w C:\WINDOWS\setup_rangers.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-24_11.48.27,25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-24 10:54:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_48c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 11:51 202024]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 19:22 312848]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 08:10 715888]
"OEXPRESS"="C:\Documents and Settings\All Users\Application Data\LangSoft\OETRN.EXE" [2008-01-21 20:42 26624]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"CnxDslTaskBar"="C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" [2004-06-16 10:55 233472]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-16 11:40 2957824]
"FlashGet"="C:\Program Files\FlashGet\FlashGet.exe" [ ]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 07:52 15797248 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2007-11-11 19:59 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25 1828136]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IE Doctor"="C:\Program Files\IE Doctor\IEDoctor.exe" [2003-10-20 03:59 347136]
"SystemProtect"="C:\Program Files\System Protect\SysProtect_Tray.exe" [2008-02-19 23:31 1223680]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 21:39 3647656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\Igor Kriz\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 12:00:44 2301798]
BearShare Acceleration Patch.lnk - C:\Program Files\BearShare Acceleration Patch\BearShare Acceleration Patch.exe [2008-02-08 08:56:52 452096]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-09-28 20:47:52 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:AresChatServer

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-16 11:40]
R2 SP_Service;System Protect Deletion Prevention Service;"C:\Program Files\System Protect\SysProtect_srv.exe" [2008-02-19 23:31]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 10:51]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 10:51]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 10:51]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
R3 sp_prot;System Protect Filter Driver;C:\WINDOWS\system32\drivers\sp_prot.sys [2008-02-19 23:31]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\SophosMEMSWEEP.SYS []
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 09:11:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-24 10:57:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-24 10:55:03 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-14 16:20:29 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 12:57:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-24 12:58:38
ComboFix-quarantined-files.txt 2008-03-24 11:58:34
ComboFix2.txt 2008-03-24 10:48:43
ComboFix3.txt 2008-01-08 19:47:59
.
2008-03-22 01:54:51 --- E O F ---


Odpovedať na tému Stránka: 1 z 1
 [ Príspevkov: 7 ] 

Obsah fóra » Software » Antivíry, bezpečnosť a sieť » Antivíry a antispywary » Prosím o kontrolu logu


Podobné témy

 Témy  Odpovede  Zobrazenia  Posledný príspevok 
V tomto fóre nie sú ďalšie neprečítané témy. prosím o kontrolu logu

v Antivíry a antispywary

2

497

23.04.2008 11:37

maminkask Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosim o kontrolu logu

v Antivíry a antispywary

3

623

04.08.2008 18:26

Spirit Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosim o kontrolu logu

v Antivíry a antispywary

2

583

25.08.2008 14:50

xixan Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Prosím o kontrolu logu

[ Choď na stránku:Choď na stránku: 1, 2 ]

v Antivíry a antispywary

30

2649

01.10.2006 22:44

abraxas1988 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Prosim o kontrolu logu

v Antivíry a antispywary

4

558

29.12.2007 20:03

br4n0 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Prosim o kontrolu logu

v Antivíry a antispywary

1

649

30.11.2007 22:15

Roberbo Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Prosím o kontrolu logu

v Antivíry a antispywary

8

725

09.01.2008 20:07

igiok1 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Prosím o kontrolu logu

v Antivíry a antispywary

1

551

06.08.2008 19:29

Kosak Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Prosím o kontrolu logu

v Antivíry a antispywary

7

837

23.04.2008 23:03

strongy Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosím o kontrolu logu

v Antivíry a antispywary

0

525

21.01.2008 22:38

igiok1 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosim o kontrolu logu

v Antivíry a antispywary

2

765

21.12.2009 15:41

pitimir Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Prosim o kontrolu logu

v Antivíry a antispywary

0

458

24.12.2011 10:45

labkomil Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosim o kontrolu logu

v Antivíry a antispywary

10

662

18.08.2008 22:53

Kosak Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosím kontrolu logu HJT

v Antivíry a antispywary

9

617

14.12.2007 19:04

alan Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Prosím o kontrolu logu

v Antivíry a antispywary

4

771

13.04.2008 0:16

igiok1 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. prosím kontrolu logu HJT

v Antivíry a antispywary

9

739

07.11.2007 0:49

patrick1 Zobrazenie posledných príspevkov


Nemôžete zakladať nové témy v tomto fóre
Nemôžete odpovedať na témy v tomto fóre
Nemôžete upravovať svoje príspevky v tomto fóre
Nemôžete mazať svoje príspevky v tomto fóre

Skočiť na:  

Powered by phpBB Jarvis © 2005 - 2024 PCforum, webhosting by WebSupport, secured by GeoTrust, edited by JanoF
Ako väčšina webových stránok aj my používame cookies. Zotrvaním na webovej stránke súhlasíte, že ich môžeme používať.
Všeobecné podmienky, spracovanie osobných údajov a pravidlá fóra