[ Posts: 20 ]

User (registered 23.10.07, last online 12.05.08, 10 posts, 1 topic)
Help needed with "printer.exe" + HijackThis log

I scanned the system with SpyBot, which found some problems and managed to remove them. But after restarting the PC, the system reports that the program printer.exe is missing. And when I restore it through SpyBot, it starts causing trouble on the PC. It rewrites some registry entries..., but the biggest problem is that the well-known "Windows Security Alert" window starts popping up.
Then I cleaned the computer with CCleaner, but the problem could not be removed.
So in the end I have to kindly ask whether you can read anything sensible from the HijackThis log. :cry:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:24, on 23.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Dominik\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 6138 bytes


Thank you very much for your reply!


User (registered 17.10.07, last online 08.02.10, 30 posts, 5 topics)

If you can get hold of it, try Spyware Doctor 5; it might help solve the problems.


Experienced user, Bratislava V (registered 22.03.07, last online 14.06.14, 2108 posts, 15 topics)
Help needed with "printer.exe" + HijackThis log

fix:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Dominik\LOCALS~1\Temp\hpdj.exe (file missing)

In CCleaner, set what you want to delete and set it to run automatically at startup.
After the restart, delete C:\WINDOWS\system32\sulimo.dat and printer.exe. If that doesn't work, put this into Avenger:
Code:
files to delete:
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\sulimo.dat


If that doesn't fix the problem, use SmitFraudFix.
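A worked example added by the editor, not code from the thread, from HijackThis or from the helper: a small Python triage of HijackThis lines that derives the fix list above mechanically from the first log. It encodes the three indicators a practitioner reads off that log: the F2 Winlogon Shell value carrying a second program after Explorer.exe (started alongside the desktop at every logon), a non-empty O20 AppInit_DLLs value (mapped into every process that loads user32.dll; here a .dat file rather than a .dll), and an O23 service whose binary lives under a user's Temp directory. The sample lines are copied from the first log; the severities, the Temp-directory rule and the "orphan" rule for (file missing) entries are my own thresholds. The rules flag only lines that carry an infection indicator themselves, so they do not reproduce the jusched.exe line from the fix list.

```python
import re

SEVERITY = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample: lines copied from the first HijackThis log in this
# thread, plus two benign avast! lines that the rules should ignore.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Dominik\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def check_line(line):
    """Return (severity, reason) for one HijackThis line, or None if clean."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    missing = body.endswith("(file missing)")

    if sec == "F2" and body.lower().startswith("reg:system.ini: shell="):
        # Winlogon's Shell value should be exactly Explorer.exe; anything
        # appended is launched with the desktop at every logon.
        shell = body.split("=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return "HIGH", "extra program in Winlogon Shell: " + shell
        return None

    if sec == "O20" and body.lower().startswith("appinit_dlls:"):
        # AppInit_DLLs is loaded by every process that maps user32.dll;
        # a clean system has it empty. A non-.dll extension is odder still.
        value = body.split(":", 1)[1].strip()
        if value:
            ext_note = "" if value.lower().endswith(".dll") else " (not even a .dll)"
            return "HIGH", "AppInit_DLLs injects " + value + ext_note
        return None

    if sec in ("O4", "O9", "O23"):
        if TEMP_RE.search(body):
            return "MEDIUM", "autostart/service binary under a Temp directory"
        if missing:
            return "LOW", "orphaned entry, target file is gone"
    return None


def triage(log_text):
    """Run check_line over a whole log; findings keep log order."""
    findings = []
    for line in log_text.splitlines():
        hit = check_line(line)
        if hit:
            sev, reason = hit
            findings.append({"severity": sev, "reason": reason, "line": line.strip()})
    return findings


def fix_list(findings, min_severity="LOW"):
    """Lines to tick in HijackThis: findings at or above min_severity."""
    floor = SEVERITY[min_severity]
    return [f["line"] for f in findings if SEVERITY[f["severity"]] >= floor]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %s\n       %s" % (f["severity"], f["reason"], f["line"]))
```

Run against the full first log it yields the F2, O20 and hpdj lines as HIGH/MEDIUM and the two ICQ Lite orphans as LOW, which is the fix list above minus jusched.exe. The Temp-directory rule is deliberately coarse: a service registered from a user's Temp folder with an unknown owner is not something an installer does, so it is worth a look even when the binary has since vanished, as hpdj.exe had.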


User (registered 23.10.07, last online 12.05.08, 10 posts, 1 topic)
Help needed with "printer.exe" + HijackThis log
Posted by the thread author, 23.10.2007 13:37

Thank you, it helped. It no longer asks for that printer.exe!
The O20........sulimo.dat entry is still in HijackThis, but it is no longer on the system. Does that matter?
New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:46, on 23.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 5517 bytes
Thanks once again!!!


Experienced user, Bratislava V (registered 22.03.07, last online 14.06.14, 2108 posts, 15 topics)
Help needed with "printer.exe" + HijackThis log

Are you sure sulimo.dat is no longer there? It may have regenerated; in that case use SmitFraudFix.


User (registered 23.10.07, last online 12.05.08, 10 posts, 1 topic)
Help needed with "printer.exe" + HijackThis log
Posted by the thread author, 23.10.2007 14:11

It's definitely not there!
Neither the system nor Avenger found it! Log from Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\txskocrx

*******************
Script file located at: \??\C:\WINDOWS\system32\krhbdybe.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************
Beginning to process script file:
File C:\WINDOWS\system32\printer.exe not found!
Deletion of file C:\WINDOWS\system32\printer.exe failed!

Could not process line:
C:\WINDOWS\system32\printer.exe
Status: 0xc0000034

File C:\WINDOWS\system32\sulimo.dat not found!
Deletion of file C:\WINDOWS\system32\sulimo.dat failed!

Could not process line:
C:\WINDOWS\system32\sulimo.dat
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminat
Hmmm... interesting! But the system runs normally! Ď


User (registered 28.01.07, last online 02.12.07, 1706 posts, 25 topics)

Follow the guide => http://www.viry.cz/forum/viewtopic.php?t=45354


User (registered 23.10.07, last online 12.05.08, 10 posts, 1 topic)
Help needed with "printer.exe" + HijackThis log
Posted by the thread author, 24.10.2007 21:12

I followed your guide, or rather the linked one, and it looks like it should be fine now. Just one small glitch crept in: when HostXpert is launched, after the program starts a window appears with the message "error:cannot create files--- C:\..system32\DRIVERS\ETC\hosts"

Attaching the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:17, on 24.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\TC UP\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 5248 bytes

But despite everything, it seems to me that my internet is starting to act up (pages loading only on the second attempt, slowdown...). I don't know, maybe it's a subjective impression.
thanks


User (registered 28.01.07, last online 02.12.07, 1706 posts, 25 topics)

Also uninstall BearShare. Download ComboFix -->
http://download.bleepingcomputer.com/sU ... mboFix.exe

Follow the on-screen instructions, don't click anything, the computer may be restarted. Post the contents of the file C:\ComboFix.txt on the forum.


User (registered 23.10.07, last online 12.05.08, 10 posts, 1 topic)
Help needed with "printer.exe" + HijackThis log
Posted by the thread author, 25.10.2007 18:51

Well, I uninstalled the Bear, ran ComboFix, but Sunbelt PF reported an intrusion at certain steps. I let it run and here is the log:

ComboFix 07-10-25.3 - Dominik 2007-10-25 18:37:31.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.728 [GMT 2:00]
Running from: D:\Inštalačky\Hijack\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 18:32 126,976 --a------ C:\zip.exe
2007-10-25 18:32 60,416 --a------ C:\WINDOWS\system32\drivers\ywubblix.sys
2007-10-25 18:32 1,846 --a------ C:\avexport.bat
2007-10-25 18:32 1,080 --a------ C:\kobpupqw.bat
2007-10-25 06:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 20:29 <DIR> d-------- C:\PrinterBegone
2007-10-23 11:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-22 16:14 <DIR> dr-h----- C:\Documents and Settings\Dominik\Data aplikací\SecuROM
2007-10-22 16:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 17:03 <DIR> d-------- C:\Program Files\vdownloader0.5
2007-10-21 16:52 <DIR> d-------- C:\Program Files\StrongDC++
2007-10-21 14:37 <DIR> d-------- C:\Program Files\DVD Shrink
2007-10-21 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2007-10-21 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-10-21 07:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-21 07:53 <DIR> d-------- C:\Program Files\CCleaner
2007-10-21 03:00 <DIR> d-------- C:\Program Files\Hamachi
2007-10-20 10:29 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-10-20 09:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-20 09:18 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-20 09:18 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-20 09:18 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-20 09:10 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-20 09:07 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2007-10-20 08:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-19 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-10-17 12:38 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2007-10-17 12:21 <DIR> d-------- C:\Program Files\D-Tools
2007-10-17 12:21 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-17 12:21 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-17 09:34 <DIR> d-------- C:\Casino
2007-10-14 10:14 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQ Toolbar
2007-10-13 21:36 <DIR> d-------- C:\Program Files\BearShare Applications
2007-10-13 20:53 <DIR> d-------- C:\Program Files\Decrypter
2007-10-13 20:37 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-13 20:37 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-13 20:26 <DIR> d-------- C:\Program Files\ICQToolbar
2007-10-13 20:25 <DIR> d-------- C:\Program Files\ICQ6
2007-10-13 20:21 <DIR> d-------- C:\Program Files\Ares
2007-10-13 16:06 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQ
2007-10-13 16:05 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\InstallShield
2007-10-13 14:47 26,112 -ra------ C:\WINDOWS\LgUninst.exe
2007-10-13 14:46 <DIR> d-------- C:\Program Files\Lingea
2007-10-13 14:42 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Program Files\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2007-10-13 14:34 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-10-13 14:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-13 09:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-10-12 15:00 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-12 13:19 <DIR> d-------- C:\Program Files\ClonyXXL
2007-10-12 09:59 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\XnView
2007-10-12 09:59 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\SumatraPDF
2007-10-12 09:46 <DIR> d-------- C:\Program Files\SlySoft
2007-10-12 08:52 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-10-12 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Elaborate Bytes
2007-10-12 08:15 <DIR> d-------- C:\WINDOWS\pss
2007-10-12 07:52 <DIR> d-------- C:\Program Files\TC UP
2007-10-12 07:52 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\HEXelon
2007-10-12 07:52 15,872 --a------ C:\WINDOWS\system32\drivers\vd_filedisk.sys
2007-10-12 07:19 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-12 07:18 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-12 07:18 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-12 07:18 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-12 07:18 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-12 07:18 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-12 07:18 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-12 07:18 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-12 07:18 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-11 18:10 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\CyberLink
2007-10-11 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-11 17:56 <DIR> d-------- C:\Program Files\Google
2007-10-11 17:09 <DIR> d-------- C:\Program Files\CDex_150
2007-10-11 17:06 <DIR> d-------- C:\Temp
2007-10-11 17:05 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQLite
2007-10-11 17:04 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\Hamachi
2007-10-11 17:04 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-11 17:01 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-11 17:01 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-11 16:56 <DIR> d-------- C:\Program Files\CyberLink
2007-10-11 16:56 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-11 16:56 353,840 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-11 16:53 <DIR> d-------- C:\Program Files\Opera
2007-10-11 16:50 <DIR> d-------- C:\Program Files\Winamp
2007-10-11 16:50 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-10 21:03 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-10 21:03 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-10-10 21:03 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-10 21:03 26,624 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-10 21:03 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-10 21:03 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-10-10 21:03 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-10-10 21:03 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-10 21:03 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-10 21:02 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-10 21:02 75,264 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2007-10-10 21:01 <DIR> dr------- C:\Program Files
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2007-10-10 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Plocha

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 15:20 14,787 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-17 10:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 13:53 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-10-11 13:53 --------- d-----w C:\Program Files\Realtek AC97
2007-10-11 13:53 --------- d-----w C:\Program Files\AvRack
2007-10-11 13:49 --------- d-----w C:\Program Files\Intel
2007-10-11 13:23 --------- d-----w C:\Program Files\ASUSTeK
2007-10-11 13:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-11 13:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-25_ 6.27.18,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 16:32:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_140.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 10:16]
"nwiz"="nwiz.exe" [2005-04-01 10:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 10:16]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"hhkkqkpy"="C:\kobpupqw.bat" [2007-10-25 18:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 09:25]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^autorun.exe]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S0 kugkmiql;kugkmiql;C:\WINDOWS\system32\drivers\qshvfvis.sys

.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 18:40:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 18:42:04
.
--- E O F ---

So...?
Thanks.


Registered: 23.10.07
Last online: 12.05.08
Posts: 10
Topics: 1 | 1
Posted by topic author: 25.10.2007 18:56 | Please help with "printer.exe" + HijackThis log

And I also wanted to add that the system keeps downloading update files from the site filehippo.com. But I can't find it anywhere in the settings. Does anyone know what that site is? Thanks.


Registered: 28.01.07
Last online: 02.12.07
Posts: 1706
Topics: 25 | 25

Download Avenger -->
http://swandog46.geekstogo.com/avenger.exe

Run it – "Input script manually" – the magnifying glass – paste in the code – "Done" – the traffic light – confirm – the PC will then reboot
Code:
Files to delete:
C:\zip.exe
C:\avexport.bat
C:\kobpupqw.bat
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\autorun.exe
C:\WINDOWS\pss\autorun.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | hhkkqkpy

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^autorun.exe


Test these at http://www.virustotal.com and post the results here:

C:\WINDOWS\system32\drivers\qshvfvis.sys
C:\WINDOWS\system32\drivers\ywubblix.sys



Filehippo => http://filehippo.com/ (software downloads)



Could you e-mail me the Avenger backup, which will be on drive C in the Avenger folder ---> backup.zip

Instructions => http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html

Thanks :)


Registered: 23.10.07
Last online: 12.05.08
Posts: 10
Topics: 1 | 1
Posted by topic author: 25.10.2007 21:36 | Please help with "printer.exe" + HijackThis log

Done! I'm sending the Avenger backup by e-mail next.

VirusTotal test:

qshvfvis.sys - not present on the system

ywubblix.sys - VirusTotal reported the following:

Soubor ywubblix.sys přijatý 2007.10.25 21:07:09 (CET)
Současný stav: Dokončeno
Výsledek: 0/32 (0%)
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.10.26.0 2007.10.25 -
AntiVir 7.6.0.27 2007.10.25 -
Authentium 4.93.8 2007.10.25 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.503 2007.10.25 -
BitDefender 7.2 2007.10.25 -
CAT-QuickHeal 9.00 2007.10.25 -
ClamAV 0.91.2 2007.10.25 -
DrWeb 4.44.0.09170 2007.10.25 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5241 2007.10.25 -
Ewido 4.0 2007.10.25 -
FileAdvisor 1 2007.10.25 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.25 -
F-Secure 6.70.13030.0 2007.10.25 -
Ikarus T3.1.1.12 2007.10.25 -
Kaspersky 7.0.0.125 2007.10.25 -
McAfee 5149 2007.10.25 -
Microsoft 1.2908 2007.10.25 -
NOD32v2 2617 2007.10.25 -
Norman 5.80.02 2007.10.25 -
Panda 9.0.0.4 2007.10.25 -
Prevx1 V2 2007.10.25 -
Rising 19.46.31.00 2007.10.25 -
Sophos 4.22.0 2007.10.25 -
Sunbelt 2.2.907.0 2007.10.24 -
Symantec 10 2007.10.25 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.25 -
VirusBuster 4.3.26:9 2007.10.25 -
Webwasher-Gateway 6.6.1 2007.10.25 -
Rozšiřující informace
File size: 60416 bytes
MD5: 4ad5d5229f85f42e873fda98190b2f19
SHA1: 7e1bc7c4f0324c0ad58b829b2524e0cb617ef158

:loony:
thanks for your time!


Registered: 28.01.07
Last online: 02.12.07
Posts: 1706
Topics: 25 | 25

Also post the log from Avenger - it is in the Avenger directory on drive C. The e-mail hasn't arrived yet. I don't much like those files anyway, but I don't want to risk that they belong to something that is OK.


Registered: 23.10.07
Last online: 12.05.08
Posts: 10
Topics: 1 | 1
Posted by topic author: 25.10.2007 21:56 | Please help with "printer.exe" + HijackThis log

here is the Avenger log; it is also going by e-mail

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ufeqvipx

*******************

Script file located at: \??\C:\Program Files\ecmytswv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\exploeee.exe not found!
Deletion of file C:\WINDOWS\exploeee.exe failed!

Could not process line:
C:\WINDOWS\exploeee.exe
Status: 0xc0000034



File C:\WINDOWS\mraerea.exe not found!
Deletion of file C:\WINDOWS\mraerea.exe failed!

Could not process line:
C:\WINDOWS\mraerea.exe
Status: 0xc0000034



File C:\WINDOWS\mteadea.exe not found!
Deletion of file C:\WINDOWS\mteadea.exe failed!

Could not process line:
C:\WINDOWS\mteadea.exe
Status: 0xc0000034



File C:\WINDOWS\pdoakac.exe not found!
Deletion of file C:\WINDOWS\pdoakac.exe failed!

Could not process line:
C:\WINDOWS\pdoakac.exe
Status: 0xc0000034



File C:\WINDOWS\shell.exe not found!
Deletion of file C:\WINDOWS\shell.exe failed!

Could not process line:
C:\WINDOWS\shell.exe
Status: 0xc0000034



File C:\WINDOWS\svhjdsah.exe not found!
Deletion of file C:\WINDOWS\svhjdsah.exe failed!

Could not process line:
C:\WINDOWS\svhjdsah.exe
Status: 0xc0000034



File C:\WINDOWS\wwdasdwdac.exe not found!
Deletion of file C:\WINDOWS\wwdasdwdac.exe failed!

Could not process line:
C:\WINDOWS\wwdasdwdac.exe
Status: 0xc0000034



File C:\WINDOWS\system32\explore.exe not found!
Deletion of file C:\WINDOWS\system32\explore.exe failed!

Could not process line:
C:\WINDOWS\system32\explore.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hadjajr.ini not found!
Deletion of file C:\WINDOWS\system32\hadjajr.ini failed!

Could not process line:
C:\WINDOWS\system32\hadjajr.ini
Status: 0xc0000034



File C:\WINDOWS\system32\hanonvt.ini not found!
Deletion of file C:\WINDOWS\system32\hanonvt.ini failed!

Could not process line:
C:\WINDOWS\system32\hanonvt.ini
Status: 0xc0000034



File C:\WINDOWS\system32\hardlife.ini not found!
Deletion of file C:\WINDOWS\system32\hardlife.ini failed!

Could not process line:
C:\WINDOWS\system32\hardlife.ini
Status: 0xc0000034



File C:\WINDOWS\system32\printer.exe not found!
Deletion of file C:\WINDOWS\system32\printer.exe failed!

Could not process line:
C:\WINDOWS\system32\printer.exe
Status: 0xc0000034



File C:\WINDOWS\system32\spoolvs.exe not found!
Deletion of file C:\WINDOWS\system32\spoolvs.exe failed!

Could not process line:
C:\WINDOWS\system32\spoolvs.exe
Status: 0xc0000034



File C:\WINDOWS\system32\stdole32.dat not found!
Deletion of file C:\WINDOWS\system32\stdole32.dat failed!

Could not process line:
C:\WINDOWS\system32\stdole32.dat
Status: 0xc0000034



File C:\WINDOWS\system32\sulimo.dat not found!
Deletion of file C:\WINDOWS\system32\sulimo.dat failed!

Could not process line:
C:\WINDOWS\system32\sulimo.dat
Status: 0xc0000034



File C:\WINDOWS\system32\systems.txt not found!
Deletion of file C:\WINDOWS\system32\systems.txt failed!

Could not process line:
C:\WINDOWS\system32\systems.txt
Status: 0xc0000034

File C:\WINDOWS\system32\vtr.dll deleted successfully.


File C:\WINDOWS\system32\winavxx.exe not found!
Deletion of file C:\WINDOWS\system32\winavxx.exe failed!

Could not process line:
C:\WINDOWS\system32\winavxx.exe
Status: 0xc0000034



File C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\autorun.exe not found!
Deletion of file C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\autorun.exe failed!

Could not process line:
C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\autorun.exe
Status: 0xc0000034



File C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\info.exe not found!
Deletion of file C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\info.exe failed!

Could not process line:
C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\info.exe
Status: 0xc0000034



File C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\system.exe not found!
Deletion of file C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\system.exe failed!

Could not process line:
C:\Documents and Settings\All Users\NABDKA~1\Programy\POSPUT~1\system.exe
Status: 0xc0000034



File C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\autorun.exe not found!
Deletion of file C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\autorun.exe failed!

Could not process line:
C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\autorun.exe
Status: 0xc0000034



File C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\findfast.exe not found!
Deletion of file C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\findfast.exe failed!

Could not process line:
C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\findfast.exe
Status: 0xc0000034



File C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\info.exe not found!
Deletion of file C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\info.exe failed!

Could not process line:
C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\info.exe
Status: 0xc0000034



File C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\system.exe not found!
Deletion of file C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\system.exe failed!

Could not process line:
C:\Documents and Settings\Dominik\NABDKA~1\Programy\POSPUT~1\system.exe
Status: 0xc0000034



Could not open file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe for deletion
Deletion of file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe failed!

Could not process line:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\info.exe for deletion
Deletion of file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\info.exe failed!

Could not process line:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\info.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\system.exe for deletion
Deletion of file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\system.exe failed!

Could not process line:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\system.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\autorun.exe for deletion
Deletion of file C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\autorun.exe failed!

Could not process line:
C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\autorun.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\findfast.exe for deletion
Deletion of file C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\findfast.exe failed!

Could not process line:
C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\findfast.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\info.exe for deletion
Deletion of file C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\info.exe failed!

Could not process line:
C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\info.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\system.exe for deletion
Deletion of file C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\system.exe failed!

Could not process line:
C:\Documents and Settings\Dominik\Start Menu\Programs\Startup\system.exe
Status: 0xc000003a



Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DoNotDelete
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DoNotDelete failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Printer
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Printer failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Spoolsv
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Spoolsv failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAVX
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAVX failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr deleted successfully.


Could not delete registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deletion of registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools failed!
Status: 0xc0000034



Could not delete registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit
Deletion of registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit failed!
Status: 0xc0000034



Could not delete registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deletion of registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoControlPanel
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoControlPanel failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoWindowsUpdate
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoWindowsUpdate failed!
Status: 0xc0000034



Could not delete registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoControlPanel
Deletion of registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoControlPanel failed!
Status: 0xc0000034



Could not delete registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoWindowsUpdate
Deletion of registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoWindowsUpdate failed!
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Program C:\PrinterBegone\Third.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.
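
As an added example (not part of this thread and not code from Avenger or its author): a Python triage script that parses an Avenger script like the one posted earlier and a log like the one above, decodes the NTSTATUS behind each failed deletion (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, 0xc000003a is STATUS_OBJECT_PATH_NOT_FOUND), and checks whether the log actually covers the items the script asked for; SCRIPT is a shortened copy of the posted script and LOG a constructed excerpt of the posted log.

```python
# Triage of an Avenger run: parse the submitted script and the log it produced,
# decode the NTSTATUS behind each failed deletion, check that they belong together.
import re
from dataclasses import dataclass
from typing import Optional

# NTSTATUS values as defined in the Windows SDK header ntstatus.h
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # the file or key itself is missing
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a directory on the way to it is missing
}
# Avenger script section headers, mapped to the wording the log uses
SCRIPT_SECTIONS = {"Files to delete:": "file", "Registry keys to delete:": "registry key",
                   "Registry values to delete:": "registry value"}
FAILED_RE = re.compile(r"^Deletion of (file|registry key|registry value) (.+) failed!$")
OK_RE = re.compile(r"^(File|Registry key|Registry value) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")

@dataclass
class Action:
    kind: str                     # "file", "registry key" or "registry value"
    target: str
    success: bool
    status: Optional[int] = None  # NTSTATUS reported for a failure

    def status_name(self) -> str:
        if self.status is None:
            return ""
        return NTSTATUS_NAMES.get(self.status, "UNKNOWN_0x%08X" % self.status)

def normalize(target: str) -> str:
    """Canonical form so a script line and a log line can be compared."""
    t = re.sub(r"\s*\|\s*", "|", target.strip())  # script: 'key | value', log: 'key|value'
    for long_name, short in (("HKEY_LOCAL_MACHINE", "HKLM"), ("HKEY_CURRENT_USER", "HKCU"),
                             ("HKEY_USERS", "HKU")):
        if t.upper().startswith(long_name):
            t = short + t[len(long_name):]
    return t.lower()

def parse_script(text: str) -> list:
    """(kind, target) pairs requested by an Avenger script."""
    wanted, kind = [], None
    for line in text.splitlines():
        line = line.strip()
        if line in SCRIPT_SECTIONS:
            kind = SCRIPT_SECTIONS[line]
        elif not line:
            kind = None               # a blank line ends the section
        elif kind:
            wanted.append((kind, line))
    return wanted

def parse_log(text: str) -> list:
    """One Action per deletion attempt; the next 'Status:' line is attached to a failure."""
    actions, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := OK_RE.match(line):
            actions.append(Action(m.group(1).lower(), m.group(2), True))
        elif m := FAILED_RE.match(line):
            pending = Action(m.group(1), m.group(2), False)
            actions.append(pending)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            pending.status = int(m.group(1), 16)
            pending = None
    return actions

def cross_check(script: str, log: str) -> dict:
    """Requested items the log never mentions, and log items the script never asked for."""
    wanted = {(k, normalize(t)) for k, t in parse_script(script)}
    seen = {(a.kind, normalize(a.target)) for a in parse_log(log)}
    return {"not_in_log": sorted(wanted - seen), "not_requested": sorted(seen - wanted),
            "log_matches_script": bool(wanted) and wanted <= seen}

# Shortened copy of the script posted in this thread, and a constructed excerpt of the posted log.
SCRIPT = r"""Files to delete:
C:\kobpupqw.bat
C:\WINDOWS\pss\autorun.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | hhkkqkpy
"""
LOG = r"""File C:\WINDOWS\exploeee.exe not found!
Deletion of file C:\WINDOWS\exploeee.exe failed!
Status: 0xc0000034

File C:\WINDOWS\system32\vtr.dll deleted successfully.

Deletion of file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe failed!
Status: 0xc000003a

Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Printer failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr deleted successfully.
"""

if __name__ == "__main__":
    for a in parse_log(LOG):
        print("OK  " if a.success else "FAIL", a.kind, a.target, a.status_name())
    print(cross_check(SCRIPT, LOG))
```

Against these samples none of the requested items appear in the log, which is the quick way to confirm that a log came from a different script than the one that was sent.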


Registered: 28.01.07
Last online: 02.12.07
Posts: 1706
Topics: 25 | 25

Hmm, that is some other log. The e-mail arrived without an attachment. Run ComboFix once more.


Registered: 23.10.07
Last online: 12.05.08
Posts: 10
Topics: 1 | 1
Posted by topic author: 25.10.2007 22:35 | Please help with "printer.exe" + HijackThis log

So here is a new ComboFix report, but as I already mentioned, Sunbelt blocks it. It reports that it registered and blocked an intrusion attempt, see:

Aplikace injektoru: <neznámý>
Popis aplikace: <neznámý>
Verze souboru:
Jméno produktu:
Verze produktu:
Vytvořeno: N/A
Poslední změna: N/A
Poslední přístup: N/A

Cílová aplikace: C:\ComboFix\catchme.cfexe
Popis aplikace: catchme
Verze souboru:
Jméno produktu:
Verze produktu:
Vytvořeno: 2007/10/25, 20:25:17
Poslední změna: 2007/10/20, 04:03:30
Poslední přístup: 2007/10/25, 20:26:31

Adresa injekce: 0x7C801D77


And now the log:

ComboFix 07-10-25.3 - Dominik 2007-10-25 22:26:25.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.723 [GMT 2:00]
Running from: D:\Inštalačky\Hijack\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 18:32 60,416 --a------ C:\WINDOWS\system32\drivers\ywubblix.sys
2007-10-25 06:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 20:29 <DIR> d-------- C:\PrinterBegone
2007-10-23 11:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-22 16:14 <DIR> dr-h----- C:\Documents and Settings\Dominik\Data aplikací\SecuROM
2007-10-22 16:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 17:03 <DIR> d-------- C:\Program Files\vdownloader0.5
2007-10-21 16:52 <DIR> d-------- C:\Program Files\StrongDC++
2007-10-21 14:37 <DIR> d-------- C:\Program Files\DVD Shrink
2007-10-21 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2007-10-21 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-10-21 07:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-21 07:53 <DIR> d-------- C:\Program Files\CCleaner
2007-10-21 03:00 <DIR> d-------- C:\Program Files\Hamachi
2007-10-20 10:29 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-10-20 09:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-20 09:18 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-20 09:18 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-20 09:18 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-20 09:10 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-20 09:07 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2007-10-20 08:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-19 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-10-17 12:38 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2007-10-17 12:21 <DIR> d-------- C:\Program Files\D-Tools
2007-10-17 12:21 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-17 12:21 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-17 09:34 <DIR> d-------- C:\Casino
2007-10-14 10:14 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQ Toolbar
2007-10-13 21:36 <DIR> d-------- C:\Program Files\BearShare Applications
2007-10-13 20:53 <DIR> d-------- C:\Program Files\Decrypter
2007-10-13 20:37 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-13 20:37 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-13 20:26 <DIR> d-------- C:\Program Files\ICQToolbar
2007-10-13 20:25 <DIR> d-------- C:\Program Files\ICQ6
2007-10-13 20:21 <DIR> d-------- C:\Program Files\Ares
2007-10-13 16:06 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQ
2007-10-13 16:05 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\InstallShield
2007-10-13 14:47 26,112 -ra------ C:\WINDOWS\LgUninst.exe
2007-10-13 14:46 <DIR> d-------- C:\Program Files\Lingea
2007-10-13 14:42 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Program Files\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2007-10-13 14:34 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-10-13 14:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-13 09:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-10-12 15:00 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-12 13:19 <DIR> d-------- C:\Program Files\ClonyXXL
2007-10-12 09:59 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\XnView
2007-10-12 09:59 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\SumatraPDF
2007-10-12 09:46 <DIR> d-------- C:\Program Files\SlySoft
2007-10-12 08:52 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-10-12 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Elaborate Bytes
2007-10-12 08:15 <DIR> d-------- C:\WINDOWS\pss
2007-10-12 07:52 <DIR> d-------- C:\Program Files\TC UP
2007-10-12 07:52 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\HEXelon
2007-10-12 07:52 15,872 --a------ C:\WINDOWS\system32\drivers\vd_filedisk.sys
2007-10-12 07:19 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-12 07:18 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-12 07:18 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-12 07:18 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-12 07:18 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-12 07:18 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-12 07:18 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-12 07:18 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-12 07:18 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-11 18:10 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\CyberLink
2007-10-11 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-11 17:56 <DIR> d-------- C:\Program Files\Google
2007-10-11 17:09 <DIR> d-------- C:\Program Files\CDex_150
2007-10-11 17:06 <DIR> d-------- C:\Temp
2007-10-11 17:05 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQLite
2007-10-11 17:04 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\Hamachi
2007-10-11 17:04 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-11 17:01 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-11 17:01 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-11 16:56 <DIR> d-------- C:\Program Files\CyberLink
2007-10-11 16:56 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-11 16:56 353,840 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-11 16:53 <DIR> d-------- C:\Program Files\Opera
2007-10-11 16:50 <DIR> d-------- C:\Program Files\Winamp
2007-10-11 16:50 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-10 21:03 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-10 21:03 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-10-10 21:03 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-10 21:03 26,624 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-10 21:03 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-10 21:03 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-10-10 21:03 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-10-10 21:03 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-10 21:03 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-10 21:02 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-10 21:02 75,264 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2007-10-10 21:01 <DIR> dr------- C:\Program Files
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2007-10-10 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2007-10-10 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 20:19 15,311 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-17 10:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 13:53 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-10-11 13:53 --------- d-----w C:\Program Files\Realtek AC97
2007-10-11 13:53 --------- d-----w C:\Program Files\AvRack
2007-10-11 13:49 --------- d-----w C:\Program Files\Intel
2007-10-11 13:23 --------- d-----w C:\Program Files\ASUSTeK
2007-10-11 13:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-11 13:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-25_ 6.27.18,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 20:13:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 10:16]
"nwiz"="nwiz.exe" [2005-04-01 10:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 10:16]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 09:25]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S0 kugkmiql;kugkmiql;C:\WINDOWS\system32\drivers\qshvfvis.sys

.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 22:29:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 22:31:01
C:\ComboFix2.txt ... 2007-10-25 18:42
.
--- E O F ---



I'm thoroughly confused by all this :?


Registered: 28.01.07
Last online: 02.12.07
Posts: 1706
Topics: 25 | 25

Also delete the contents of this directory:

C:\WINDOWS\Temp


+ Zip the whole Avenger directory with a password and send it that way. Thanks


Registered: 23.10.07
Last online: 12.05.08
Posts: 10
Topics: 1 | 1
Posted by topic author: 25.10.2007 22:47 | Please help with "printer.exe" + HijackThis log

well, I have now stopped Sunbelt and scanned with ComboFix (no blocking this time :roll: ) and this is what came out:

ComboFix 07-10-25.3 - Dominik 2007-10-25 22:38:25.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.738 [GMT 2:00]
Running from: D:\Inštalačky\Hijack\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 18:32 60,416 --a------ C:\WINDOWS\system32\drivers\ywubblix.sys
2007-10-25 06:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 20:29 <DIR> d-------- C:\PrinterBegone
2007-10-23 11:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-22 16:14 <DIR> dr-h----- C:\Documents and Settings\Dominik\Data aplikací\SecuROM
2007-10-22 16:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 17:03 <DIR> d-------- C:\Program Files\vdownloader0.5
2007-10-21 16:52 <DIR> d-------- C:\Program Files\StrongDC++
2007-10-21 14:37 <DIR> d-------- C:\Program Files\DVD Shrink
2007-10-21 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2007-10-21 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-10-21 07:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-21 07:53 <DIR> d-------- C:\Program Files\CCleaner
2007-10-21 03:00 <DIR> d-------- C:\Program Files\Hamachi
2007-10-20 10:29 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-10-20 09:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-20 09:18 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-20 09:18 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-20 09:18 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-20 09:10 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-20 09:07 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2007-10-20 08:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-19 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-10-17 12:38 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2007-10-17 12:21 <DIR> d-------- C:\Program Files\D-Tools
2007-10-17 12:21 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-17 12:21 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-17 09:34 <DIR> d-------- C:\Casino
2007-10-14 10:14 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQ Toolbar
2007-10-13 21:36 <DIR> d-------- C:\Program Files\BearShare Applications
2007-10-13 20:53 <DIR> d-------- C:\Program Files\Decrypter
2007-10-13 20:37 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-13 20:37 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-13 20:26 <DIR> d-------- C:\Program Files\ICQToolbar
2007-10-13 20:25 <DIR> d-------- C:\Program Files\ICQ6
2007-10-13 20:21 <DIR> d-------- C:\Program Files\Ares
2007-10-13 16:06 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQ
2007-10-13 16:05 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\InstallShield
2007-10-13 14:47 26,112 -ra------ C:\WINDOWS\LgUninst.exe
2007-10-13 14:46 <DIR> d-------- C:\Program Files\Lingea
2007-10-13 14:42 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Program Files\ACD Systems
2007-10-13 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2007-10-13 14:34 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-10-13 14:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-13 09:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-10-12 15:00 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-12 13:19 <DIR> d-------- C:\Program Files\ClonyXXL
2007-10-12 09:59 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\XnView
2007-10-12 09:59 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\SumatraPDF
2007-10-12 09:46 <DIR> d-------- C:\Program Files\SlySoft
2007-10-12 08:52 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-10-12 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Elaborate Bytes
2007-10-12 08:15 <DIR> d-------- C:\WINDOWS\pss
2007-10-12 07:52 <DIR> d-------- C:\Program Files\TC UP
2007-10-12 07:52 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\HEXelon
2007-10-12 07:52 15,872 --a------ C:\WINDOWS\system32\drivers\vd_filedisk.sys
2007-10-12 07:19 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-12 07:18 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-12 07:18 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-12 07:18 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-12 07:18 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-12 07:18 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-12 07:18 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-12 07:18 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-12 07:18 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-11 18:10 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\CyberLink
2007-10-11 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-11 17:56 <DIR> d-------- C:\Program Files\Google
2007-10-11 17:09 <DIR> d-------- C:\Program Files\CDex_150
2007-10-11 17:06 <DIR> d-------- C:\Temp
2007-10-11 17:05 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\ICQLite
2007-10-11 17:04 <DIR> d-------- C:\Documents and Settings\Dominik\Data aplikací\Hamachi
2007-10-11 17:04 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-11 17:01 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-11 17:01 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-11 16:56 <DIR> d-------- C:\Program Files\CyberLink
2007-10-11 16:56 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-11 16:56 353,840 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-11 16:53 <DIR> d-------- C:\Program Files\Opera
2007-10-11 16:50 <DIR> d-------- C:\Program Files\Winamp
2007-10-11 16:50 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-10 21:03 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-10 21:03 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-10-10 21:03 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-10 21:03 26,624 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-10 21:03 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-10 21:03 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-10-10 21:03 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-10-10 21:03 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-10 21:03 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-10 21:02 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-10 21:02 75,264 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2007-10-10 21:01 <DIR> dr------- C:\Program Files
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2007-10-10 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2007-10-10 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2007-10-10 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 20:19 15,311 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-17 10:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 13:53 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-10-11 13:53 --------- d-----w C:\Program Files\Realtek AC97
2007-10-11 13:53 --------- d-----w C:\Program Files\AvRack
2007-10-11 13:49 --------- d-----w C:\Program Files\Intel
2007-10-11 13:23 --------- d-----w C:\Program Files\ASUSTeK
2007-10-11 13:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-11 13:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-25_ 6.27.18,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 20:13:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 10:16]
"nwiz"="nwiz.exe" [2005-04-01 10:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 10:16]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 09:25]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S0 kugkmiql;kugkmiql;C:\WINDOWS\system32\drivers\qshvfvis.sys
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"

.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 22:41:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 22:42:49
C:\ComboFix2.txt ... 2007-10-25 22:31
C:\ComboFix3.txt ... 2007-10-25 18:42
.
--- E O F ---

I don't know about you, but I don't see any difference there. Then again, I'm not qualified for this!
I'll send you the Avenger once more. Thx.


Registered: 28.01.07
Last online: 02.12.07
Posts: 1706
Topics: 25 | 25

Delete C:\WINDOWS\Temp


+ I'm not saying anything will happen, but I think those files have no business being there. So if you want, use Avenger:
Code:
Drivers to unload:
ywubblix
qshvfvis

Files to delete:
C:\WINDOWS\system32\drivers\qshvfvis.sys
C:\WINDOWS\system32\drivers\ywubblix.sys


The mail hasn't arrived yet.
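The helper's reasoning above (a boot-start driver named kugkmiql whose display name is just its own name and whose file, qshvfvis.sys, does not even match that name) is the kind of check that can be automated when reading the "Reg Loading Points" driver lines of a ComboFix log. The following Python script is an added example, not part of the thread and not code from ComboFix, Avenger or Gmer. The sample lines are constructed by copying the five service lines from the ComboFix output posted earlier in this thread; the scoring traits (random-looking name, name/display mismatch, file stem mismatch, boot-start) and the threshold of two traits are assumptions of this example, not a documented ComboFix rule, and a hit only means "look closer", not "malware".

```python
import re

# Constructed sample: driver/service lines copied from the ComboFix output posted
# in this thread (the "R1/S0 name;display name;path" block near the end of the log).
SAMPLE_LOG = """\
R1 fwdrv;Firewall Driver;C:\\WINDOWS\\system32\\drivers\\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\\WINDOWS\\system32\\drivers\\khips.sys
R3 PSched;Plánovač paketů technologie QoS;C:\\WINDOWS\\system32\\DRIVERS\\psched.sys
S0 kugkmiql;kugkmiql;C:\\WINDOWS\\system32\\drivers\\qshvfvis.sys
S2 SPF4;Sunbelt Personal Firewall 4;"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe"
"""

# R = running, S = stopped; the digit is the Windows start type (0 = boot, 1 = system,
# 2 = automatic, 3 = manual). Fields are separated by ';' and the path may be quoted.
LINE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+)$')

VOWELS = set("aeiouy")


def parse_driver_lines(log_text):
    """Return one dict per service/driver line; all other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path = m.groups()
        path = path.strip().strip('"')
        # Paths are Windows-style; split on backslash so this also works on Linux.
        filename = path.rsplit("\\", 1)[-1]
        stem = filename.rsplit(".", 1)[0]
        entries.append({
            "state": state,
            "start_type": int(start),
            "name": name,
            "display": display,
            "path": path,
            "file_stem": stem,
        })
    return entries


def looks_random(name):
    """Heuristic (an assumption of this example): all-lowercase letters with few vowels."""
    if not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(ch in VOWELS for ch in name) / len(name)
    return vowel_ratio <= 0.3


def suspicion_reasons(entry):
    """Collect the traits that made the helper distrust kugkmiql / qshvfvis.sys."""
    reasons = []
    if entry["name"].lower() == entry["display"].lower():
        reasons.append("display name is just the service name")
    if entry["file_stem"].lower() != entry["name"].lower():
        reasons.append("driver file name does not match service name")
    if looks_random(entry["name"]):
        reasons.append("random-looking service name")
    if entry["start_type"] == 0:
        reasons.append("boot-start kernel driver")
    return reasons


def find_suspicious_drivers(log_text, min_reasons=2):
    """Entries with at least min_reasons traits; legitimate drivers usually hit at most one."""
    flagged = []
    for entry in parse_driver_lines(log_text):
        reasons = suspicion_reasons(entry)
        if len(reasons) >= min_reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in find_suspicious_drivers(SAMPLE_LOG):
        print(hit["name"], hit["path"])
        for r in hit["reasons"]:
            print("  -", r)
```

Run against the sample, only kugkmiql is reported, with all four traits; fwdrv and khips each trigger the vowel heuristic alone and stay below the threshold, which is why a single trait is deliberately not enough. Files that ComboFix lists only under "Files Created" and not as a service (ywubblix.sys in this thread) are outside what this parser sees and still need a manual look.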

